ÐÅÏ¢°²È«Öܱ¨-2020ÄêµÚ19ÖÜ

°ä²¼¹¦·ò 2020-05-11

> ±¾ÖÜ°²È«Ì¬ÊÆ×ÛÊö


2020Äê05ÔÂ04ÈÕÖÁ05ÔÂ10ÈÕ¹²ÊÕ¼°²È«·ì϶60¸ö £¬ÖµµÃ¹Ø×¢µÄÊÇAdvantech WebAccess Node¶à¸öÕ»Òç¶Âí½Å; S.Siedle£¦Soehne SG 150-0 Smart Gateway±¸·ÝÖ°ÄÜ´úÂëÖ´Ðзì϶ £»IBM Data Risk ManagerËÁÒâÎļþÏÂÔØ·ì϶ £»3S-Smart Software Solutions CODESYS Runtime PLC_Task´úÂëÖ´Ðзì϶ £»Mozilla Firefox SCTP»º³åÇøÒç¶Âí½Å¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂ簲ȫÊÂÎñÊǹȸè°ä²¼ÁËÕë¶ÔAndroid OSµÄ°²È«¸üР£¬½¨¸´¶à¸ö·ì϶ £»Èí¼þ¹«Ë¾SAP°ä·¢Æä²úÆ·´æÔÚ·ì϶ £¬»ò½«Ó°Ïì9£¥Óû§ £»ºÚ¿ÍÐû³ÆÈëÇÖMicrosoft GitHubÕÊ»§ £¬²¢ÇÔÈ¡³¬500GBÊý¾Ý £»ÈÎÌìÌÃÔâºÚ¿Í¹¥»÷ £¬Ð¹Â¶Ô̺¬ÆëÈ«Ô´´úÂëÔÚÄÚµÄ2TBÎļþ £»Ë¼¿Æ°ä²¼°²È«¸üР£¬½¨¸´¶à¸ö²úÆ·ÖеÄ12¸ö·ì϶¡£


ƾ¾ÝÒÔÉÏ×ÛÊö £¬±¾ÖÜ°²È«ÍþвΪÖС£


>³ÁÒª°²È«·ì϶Áбí


1. Advantech WebAccess Node¶à¸öÕ»Òç¶Âí½Å


Advantech WebAccess Node´æÔÚ¶à¸öÕ»Òç¶Âí½Å £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬¿ÉʹÀûÓ÷¨Ê½±ÀÀ £»ò¿ÉÖ´ÐÐËÁÒâ´úÂë¡£

https://www.us-cert.gov/ics/advisories/icsa-20-128-0


2. S.Siedle£¦Soehne SG 150-0 Smart Gateway±¸·ÝÖ°ÄÜ´úÂëÖ´Ðзì϶


S.Siedle£¦Soehne SG 150-0 Smart Gateway±¸·ÝÖ°ÄÜ´æÔÚ°²È«·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬¿ÉÖ´ÐÐËÁÒâ´úÂë¡£

https://research.hisolutions.com/2020/04/open-the-gates-insecurity-of-cloudless-smart-door-systems


3. IBM Data Risk ManagerËÁÒâÎļþÏÂÔØ·ì϶


IBM Data Risk Manager´æÔÚĿ¼±éÀú·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬¿ÉÏÂÔØËÁÒâÎļþ¡£

https://www.ibm.com/support/pages/node/6206875


4. 3S-Smart Software Solutions CODESYS Runtime PLC_Task´úÂëÖ´Ðзì϶


3S-Smart Software Solutions CODESYS Runtime PLC_TaskÖ°ÄÜ´æÔÚ°²È«·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬¿ÉÖ´ÐÐËÁÒâ´úÂë¡£

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003


5. Mozilla Firefox SCTP»º³åÇøÒç¶Âí½Å


Mozilla Firefox ESR SCTP»º³åÇøÒç¶Âí½Å £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄWEBÒªÇó £¬ÓÕʹÓû§½âÎö £¬¿ÉʹÀûÓ÷¨Ê½±ÀÀ £»òÕß¿ÉÖ´ÐÐËÁÒâ´úÂë¡£

https://www.auscert.org.au/bulletins/ESB-2020.1600/


> ³ÁÒª°²È«ÊÂÎñ×ÛÊö


1¡¢¹È¸è°ä²¼ÁËÕë¶ÔAndroid OSµÄ°²È«¸üР£¬½¨¸´¶à¸ö·ì϶

GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.securityweek.com/androids-may-2020-patches-fix-critical-system-vulnerability


2¡¢Èí¼þ¹«Ë¾SAP°ä·¢Æä²úÆ·´æÔÚ·ì϶ £¬»ò½«Ó°Ïì9£¥Óû§


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/sap-notifying-9-of-customers-about-security-bugs-in-some-cloud-products/


3¡¢ºÚ¿ÍÐû³ÆÈëÇÖMicrosoft GitHubÕÊ»§ £¬²¢ÇÔÈ¡³¬500GBÊý¾Ý


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/microsofts-github-account-allegedly-hacked-500gb-stolen/


4¡¢ÈÎÌìÌÃÔâºÚ¿Í¹¥»÷ £¬Ð¹Â¶Ô̺¬ÆëÈ«Ô´´úÂëÔÚÄÚµÄ2TBÎļþ


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.videogameschronicle.com/news/a-full-mario-64-pc-port-has-been-released/


5¡¢Ë¼¿Æ°ä²¼°²È«¸üР£¬½¨¸´¶à¸ö²úÆ·ÖеÄ12¸ö·ì϶


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://threatpost.com/cisco-fixes-high-severity-flaws-in-firepower-security-software-asa/155568/