VxWorks¶à¸öÇå¾²Îó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-07-30

¡ô Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-12256£¬£¬£¬£¬£¬£¬ £¬ £¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬£¬£¬ £¬ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º9.8£¬£¬£¬£¬£¬£¬ £¬ £¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12257£¬£¬£¬£¬£¬£¬ £¬ £¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬ £¬ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.8£¬£¬£¬£¬£¬£¬ £¬ £¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12255£¬£¬£¬£¬£¬£¬ £¬ £¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬£¬£¬ £¬ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º9.8£¬£¬£¬£¬£¬£¬ £¬ £¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12260£¬£¬£¬£¬£¬£¬ £¬ £¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬£¬£¬ £¬ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º9.8£¬£¬£¬£¬£¬£¬ £¬ £¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12261£¬£¬£¬£¬£¬£¬ £¬ £¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬ £¬ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.8£¬£¬£¬£¬£¬£¬ £¬ £¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12263£¬£¬£¬£¬£¬£¬ £¬ £¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬ £¬ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.1£¬£¬£¬£¬£¬£¬ £¬ £¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12258£¬£¬£¬£¬£¬£¬ £¬ £¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬ £¬ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.5£¬£¬£¬£¬£¬£¬ £¬ £¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12259£¬£¬£¬£¬£¬£¬ £¬ £¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬£¬ £¬ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º6.3£¬£¬£¬£¬£¬£¬ £¬ £¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12262£¬£¬£¬£¬£¬£¬ £¬ £¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬ £¬ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.1£¬£¬£¬£¬£¬£¬ £¬ £¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12264£¬£¬£¬£¬£¬£¬ £¬ £¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬ £¬ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.1£¬£¬£¬£¬£¬£¬ £¬ £¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-12265£¬£¬£¬£¬£¬£¬ £¬ £¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬£¬ £¬ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º5.4£¬£¬£¬£¬£¬£¬ £¬ £¬¹Ù·½Î´ÆÀ¶¨


¡ô Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾

 

ÍòÀû¹ú¼Ê¹ÙÍø(ÖйúÓÎ)ÓÐÏÞ¹«Ë¾


¡ô Îó²î¸ÅÊö


VxWorksÊÇÌìÏÂÉÏʹÓÃ×îÆÕ±éµÄÒ»ÖÖÔÚǶÈëʽϵͳÖа²ÅŵÄʵʱ²Ù×÷ϵͳ£¬£¬£¬£¬£¬£¬ £¬ £¬ÊÇÓÉÃÀ¹úWindRiver¹«Ë¾£¨¼ò³Æ·çºÓ¹«Ë¾£¬£¬£¬£¬£¬£¬ £¬ £¬¼´WRS ¹«Ë¾£©ÓÚ1983ÄêÉè¼Æ¿ª·¢µÄ£¬£¬£¬£¬£¬£¬ £¬ £¬VxWorks±»Áè¼Ý20ÒŲ́װ±¸Ê¹Ó㬣¬£¬£¬£¬£¬ £¬ £¬°üÀ¨Òªº¦»ù´¡ÉèÊ©£¬£¬£¬£¬£¬£¬ £¬ £¬ÍøÂç×°±¸£¬£¬£¬£¬£¬£¬ £¬ £¬Ò½ÁÆ×°±¸£¬£¬£¬£¬£¬£¬ £¬ £¬¹¤ÒµÏµÍ³ÉõÖÁº½ÌìÆ÷¡£¡£¡£¡£¿£¿£¿£¿£¿£¿£¿£¿ÉÒÔ˵´ÓPLCµ½MRI»úе£¬£¬£¬£¬£¬£¬ £¬ £¬µ½·À»ðǽºÍ´òÓ¡»ú£¬£¬£¬£¬£¬£¬ £¬ £¬ÔÙµ½·É»ú£¬£¬£¬£¬£¬£¬ £¬ £¬»ð³µµÈµÈ¶¼ÓÐÆÕ±éÓ¦Óᣡ£¡£¡£


¿ËÈÕ£¬£¬£¬£¬£¬£¬ £¬ £¬VxWorks¹Ù·½Ðû²¼ÁËÇå¾²Îó²îͨ¸æ³ÆÐÞ¸´ÁËÓÉArmisÑо¿ÍŶӷ¢Ã÷²¢±¨¸æµÄ11¸öÇå¾²Îó²î£¬£¬£¬£¬£¬£¬ £¬ £¬ÆäÖÐÓÐ6¸ö¿Éµ¼ÖÂÔ¶³Ì´úÂëÖ´ÐУ¨RCE£©Îó²î£¬£¬£¬£¬£¬£¬ £¬ £¬CVE-2019-12256¡¢CVE-2019-12255¡¢CVE-2019-12260 CVSSÆÀ·ÖΪ9.8·Ö¡£¡£¡£¡£ÆäÓà5¸öÎó²î¿ÉÄܵ¼Ö¾ܾøЧÀÍ£¬£¬£¬£¬£¬£¬ £¬ £¬ÐÅÏ¢×ß©»ò¹éÀàΪÂß¼­È±ÏÝ¡£¡£¡£¡£ÕâЩÎó²î±£´æÓÚVxWorksµÄTCP/IP¿ÍÕ»£¨IPnet£©ÖУ¬£¬£¬£¬£¬£¬ £¬ £¬Ó°ÏìVxWorks 7 (SR540 and SR610)¡¢VxWorks 6.5-6.9¼°Ê¹ÓÃInterpeak×ÔÁ¦ÍøÂç¿ÍÕ»µÄVxWorks°æ±¾¡£¡£¡£¡£¹¥»÷Õß¿ÉÒÔʹÓÃÆäÖÐÎó²îʵÏÖÎÞÐèÓû§½»»¥¼°ÈÏ֤ʵÏÖÔ¶³Ì¹¥»÷£¬£¬£¬£¬£¬£¬ £¬ £¬×îÖÕÔÚÍêÈ«¿ØÖÆÏà¹Ø×°±¸¡£¡£¡£¡£


ÔÚÈ«Çò£¬£¬£¬£¬£¬£¬ £¬ £¬Ê¹ÓÃVxWorksµÄÊýÄ¿ÓÐ126460¸ö£¬£¬£¬£¬£¬£¬ £¬ £¬ÆäÖÐÖйúÓÐ25046¸ö£¬£¬£¬£¬£¬£¬ £¬ £¬ÂþÑÜÈçÏ£º

 

ÍòÀû¹ú¼Ê¹ÙÍø(ÖйúÓÎ)ÓÐÏÞ¹«Ë¾


¡ô Îó²îÑéÖ¤


ÏÖÔÚArmisÑо¿ÍŶÓÐû²¼ÁËÀÖ³ÉʹÓÃÎó²î¿ØÖÆÁËSonicWall·À»ðǽ¡¢Xerox´òÓ¡»ú¡¢²¡È˼໤ÒǵÄÑÝʾÊÓƵ£¬£¬£¬£¬£¬£¬ £¬ £¬¿ÉÊÇûÓÐÐû²¼Îó²îÏà¹Øϸ½Ú»òÎó²îÑéÖ¤³ÌÐò¡£¡£¡£¡£


¡ô ÐÞ¸´½¨Òé


SonicWall¼°Xerox¹Ù·½¾ùÒѾ­Ðû²¼Ïà¹ØÎó²î¸üС£¡£¡£¡£
SonicWall£ºhttps://blog.sonicwall.com/en-us/2019/07/wind-river-vxworks-and-urgent-11-patch-now/
Xerox£ºhttps://security.business.xerox.com/en-us/


¡ô ²Î¿¼Á´½Ó


https://armis.com/urgent11/ 
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/