Information Security Weekly Report - Week 19, 2020

Published: 2020-05-11

> Security Situation Overview for the Week


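From May 4 to May 10, 2020, a total of 60 security vulnerabilities were recorded. The ones worth noting are: multiple stack overflow vulnerabilities in Advantech WebAccess Node; a code execution vulnerability in the backup function of the S.Siedle&Soehne SG 150-0 Smart Gateway; an arbitrary file download vulnerability in IBM Data Risk Manager; a code execution vulnerability in 3S-Smart Software Solutions CODESYS Runtime PLC_Task; and a buffer overflow vulnerability in Mozilla Firefox SCTP.


The network security events worth noting this week are: Google released security updates for Android OS, fixing multiple vulnerabilities; software company SAP announced vulnerabilities in its products that may affect 9% of users; hackers claim to have breached Microsoft's GitHub account and stolen more than 500GB of data; Nintendo was attacked by hackers, leaking 2TB of files including complete source code; and Cisco released security updates fixing 12 vulnerabilities across multiple products.


Based on the overview above, the security threat level for this week is medium.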


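> List of Major Security Vulnerabilities


1. Advantech WebAccess Node multiple stack overflow vulnerabilities


Advantech WebAccess Node contains multiple stack overflow vulnerabilities. A remote attacker can exploit them by submitting a specially crafted request, which can crash the application or execute arbitrary code.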

https://www.us-cert.gov/ics/advisories/icsa-20-128-0


2. S.Siedle&Soehne SG 150-0 Smart Gateway backup function code execution vulnerability


The backup function of the S.Siedle&Soehne SG 150-0 Smart Gateway contains a security vulnerability. A remote attacker can exploit it by submitting a specially crafted request, which can execute arbitrary code.

https://research.hisolutions.com/2020/04/open-the-gates-insecurity-of-cloudless-smart-door-systems


3. IBM Data Risk Manager arbitrary file download vulnerability


IBM Data Risk Manager contains a directory traversal vulnerability. A remote attacker can exploit it by submitting a specially crafted request, which can download arbitrary files.

https://www.ibm.com/support/pages/node/6206875


4. 3S-Smart Software Solutions CODESYS Runtime PLC_Task code execution vulnerability


The PLC_Task function of 3S-Smart Software Solutions CODESYS Runtime contains a security vulnerability. A remote attacker can exploit it by submitting a specially crafted request, which can execute arbitrary code.

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003


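5. Mozilla Firefox SCTP buffer overflow vulnerability


Mozilla Firefox ESR contains a buffer overflow vulnerability in SCTP. A remote attacker can exploit it by submitting a specially crafted web request and luring the user into parsing it, which can crash the application or execute arbitrary code.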

https://www.auscert.org.au/bulletins/ESB-2020.1600/


> Overview of Major Security Events


1. Google releases security updates for Android OS, fixing multiple vulnerabilities


Original link:

https://www.securityweek.com/androids-may-2020-patches-fix-critical-system-vulnerability


2. Software company SAP announces vulnerabilities in its products that may affect 9% of users



Original link:

https://www.zdnet.com/article/sap-notifying-9-of-customers-about-security-bugs-in-some-cloud-products/


3. Hackers claim to have breached Microsoft's GitHub account and stolen more than 500GB of data



Original link:

https://www.bleepingcomputer.com/news/security/microsofts-github-account-allegedly-hacked-500gb-stolen/


4. Nintendo attacked by hackers, leaking 2TB of files including complete source code



Original link:

https://www.videogameschronicle.com/news/a-full-mario-64-pc-port-has-been-released/


5. Cisco releases security updates, fixing 12 vulnerabilities across multiple products



Original link:

https://threatpost.com/cisco-fixes-high-severity-flaws-in-firepower-security-software-asa/155568/