admin posted on 2022-11-26 20:42:53

ROCKWELL AUTOMATION RSLINX CLASSIC Remote Code Execution CVE-2019-6553: Technical Analysis and Protection Measures

</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <img width="554" height="180" src="https://www.2k8.org/content/uploadfile/202211/26/3c2fdfc2.png" alt="" style="vertical-align:middle;" /><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <b><span style="color:#1E1E1E;font-family:宋体;font-size:18.0pt;">About Rockwell Automation (this introduction is taken from the official website)</span></b><b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:18.0pt;"></span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <b><span style="border:none windowtext 1.0pt;color:#777777;font-family:宋体;padding:0cm;">Rockwell Automation, Inc.</span></b><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"> (NYSE: ROK) is one of the world's largest automation and information companies, dedicated to helping customers improve productivity and to sustainable development worldwide. Rockwell Automation is headquartered in Milwaukee, Wisconsin, USA, has branches in more than 80 countries, and currently employs about 23,000 people.</span><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">Rockwell Automation entered China in 1988 and now has more than 2000 employees there, with 26 sales offices (including the Hong Kong and Taiwan regions), 5 training centers, a global R&amp;D center in Shanghai, a software development center in Dalian, OEM application development centers in Shenzhen, Shanghai and Beijing, and three production bases in Shanghai and Harbin. The company works actively with more than ten authorized channel partners in China and over 70 well-known universities to provide the manufacturing industry with a broad range of world-class products and solutions, service support and technical training.</span><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">Together with 11 authorized distributors in China, more than 50 recognized system integrators, 40 Encompass strategic partners and its global strategic alliances, Rockwell Automation provides manufacturing enterprises with a broad range of world-class products, solutions and service support.</span><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <b><span style="color:#1E1E1E;font-family:宋体;font-size:18.0pt;">Affected Versions</span></b><b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:18.0pt;"></span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">Rockwell Automation RSLinx Classic 4.10.00</span><span style="color:#777777;font-family:宋体;"> and earlier.</span><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <b><span style="color:#1E1E1E;font-family:宋体;font-size:18.0pt;">Vulnerability Analysis</span></b><b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:18.0pt;"></span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
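        <span style="color:#777777;font-family:宋体;">Few details of this vulnerability have been disclosed publicly, so the only way to locate the vulnerable code is to compare the binaries before and after the patch.</span><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>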
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span style="color:#777777;font-family:宋体;">Before the patch (affected </span><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">DLL</span><span style="color:#777777;font-family:宋体;"> version </span><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">3.81.15.6</span><span style="color:#777777;font-family:宋体;">):</span><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <img width="554" height="115" src="https://www.2k8.org/content/uploadfile/202211/26/df441cb5.png" alt="" style="vertical-align:middle;" /><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span style="color:#777777;font-family:宋体;">After the patch (unaffected </span><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">DLL</span><span style="color:#777777;font-family:宋体;"> version </span><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">3.81.15.7</span><span style="color:#777777;font-family:宋体;">):</span><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <img width="553" height="133" src="https://www.2k8.org/content/uploadfile/202211/26/8ee4e2e0.png" alt="" style="vertical-align:middle;" /><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span style="color:#777777;font-family:宋体;">It is clear that the patch blocks exploitation by adding a check on the buffer size at this point.</span><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <b><span style="color:#1E1E1E;font-family:宋体;font-size:18.0pt;">Exploitation</span></b><b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:18.0pt;"></span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">Result of a failed exploit attempt.</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <img width="553" height="307" src="https://www.2k8.org/content/uploadfile/202211/26/c41aba6d.png" alt="" style="vertical-align:middle;" /><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">Result of a successful exploit.</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <img width="300" height="211" src="https://www.2k8.org/content/uploadfile/202211/26/67482098.gif" alt="" style="vertical-align:middle;" /><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <b><span style="color:#1E1E1E;font-family:宋体;font-size:18.0pt;">Protection Measures</span></b><b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:18.0pt;"></span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">The vendor has released a patch; affected versions should be upgraded to the latest version immediately:</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;"></span>
</p>
<p align="left" style="background:#F3F3F3;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <b><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1084828</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">Use the NSFOCUS industrial control vulnerability scanning system or the NSFOCUS industrial network security compliance assessment tool to discover existing risks in advance.</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">Use the NSFOCUS industrial control security audit system or the NSFOCUS industrial control intrusion detection system to detect exploitation of the vulnerability promptly.</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">Use NSFOCUS protection products (industrial control firewalls and the like) to block attacks that exploit this vulnerability.</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;"></span>
</p>
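<p>
        To act on the upgrade advice, a patch-status triage over an asset inventory, using only the versions stated above (DLL 3.81.15.6 affected, 3.81.15.7 not affected, RSLinx Classic 4.10.00 and earlier affected). This is an added example, not code from the original article or from the vendor; the inventory columns, host names and status labels are hypothetical, and it assumes versions increase monotonically.
</p>

```python
import csv
import io

# Versions taken from the advisory text above.
FIXED_DLL = (3, 81, 15, 7)          # DLL version the page lists as not affected
LAST_AFFECTED_PRODUCT = (4, 10, 0)  # RSLinx Classic 4.10.00 and earlier are affected

# Constructed sample inventory: host names and column names are hypothetical.
SAMPLE_INVENTORY = """host,product_version,dll_version
hmi-01,4.00.01,3.81.15.6
eng-ws-02,4.10.00,3.81.15.7
hist-03,4.11.00,
scada-04,3.90.01,
gw-05,4.10.00,unknown
"""

def parse_version(text, width=4):
    """Dotted version -> zero-padded tuple of ints; None if empty or malformed."""
    parts = (text or "").strip().split(".")
    if not all(p.isdigit() for p in parts) or len(parts) > width:
        return None
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (width - len(nums))

def classify(product_version, dll_version):
    """Prefer the DLL file version (direct evidence of the patch) over the product version."""
    dll = parse_version(dll_version)
    if dll is not None:
        # Assumption: DLL versions increase monotonically, so anything
        # below the fixed build is treated as unpatched.
        return "patched" if dll >= FIXED_DLL else "vulnerable"
    product = parse_version(product_version)
    if product is None:
        return "unknown"
    limit = LAST_AFFECTED_PRODUCT + (0,)
    # No DLL evidence: fall back to the affected product range from the page.
    return "affected-range" if product <= limit else "not-listed"

def triage(inventory_csv):
    """Return {host: status} for every row of the inventory."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["product_version"], r["dll_version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

<p>
        Hosts reported as "affected-range" have no usable DLL version and need the file version checked on the machine before they can be counted as patched.
</p>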
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <b><span style="border:none windowtext 1.0pt;color:#1E1E1E;font-family:宋体;font-size:18.0pt;padding:0cm;">About Gewu Lab</span></b><b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:18.0pt;"></span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <img width="166" height="166" src="https://www.2k8.org/content/uploadfile/202211/26/e05804db.png" alt="" style="vertical-align:middle;" /><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
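        <b><span style="border:none windowtext 1.0pt;color:#777777;font-family:宋体;padding:0cm;">NSFOCUS Gewu Lab</span></b><span style="color:#777777;font-family:宋体;"> focuses on security research in the industrial internet, the internet of vehicles, the internet of things and related areas. It has discovered security vulnerabilities in many industrial IoT devices and helped vendors fix them, and has taken part in well-known security conferences in China and abroad many times and given talks there. It works actively with the relevant vendors to build a harmonious, stable network security ecosystem.</span><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>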
</p>