ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ19ÖÜ

Ðû²¼Ê±¼ä 2020-05-11

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê05ÔÂ04ÈÕÖÁ05ÔÂ10ÈÕ¹²ÊÕ¼Çå¾²Îó²î60¸ö£¬ÖµµÃ¹Ø×¢µÄÊÇAdvantech WebAccess Node¶à¸öÕ»Òç³öÎó²î; S.Siedle£¦Soehne SG 150-0 Smart Gateway±¸·Ý¹¦Ð§´úÂëÖ´ÐÐÎó²î£»IBM Data Risk Managerí§ÒâÎļþÏÂÔØÎó²î£»3S-Smart Software Solutions CODESYS Runtime PLC_Task´úÂëÖ´ÐÐÎó²î£»Mozilla Firefox SCTP»º³åÇøÒç³öÎó²î¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊǹȸèÐû²¼ÁËÕë¶ÔAndroid OSµÄÇå¾²¸üУ¬ÐÞ¸´¶à¸öÎó²î£»Èí¼þ¹«Ë¾SAPÐû²¼Æä²úÆ·±£´æÎó²î£¬»ò½«Ó°Ïì9£¥Óû§£»ºÚ¿ÍÉù³ÆÈëÇÖMicrosoft GitHubÕÊ»§£¬²¢ÇÔÈ¡³¬500GBÊý¾Ý£»ÈÎÌìÌÃÔâºÚ¿Í¹¥»÷£¬Ð¹Â¶°üÀ¨ÍêÕûÔ´´úÂëÔÚÄÚµÄ2TBÎļþ£»Ë¼¿ÆÐû²¼Çå¾²¸üУ¬ÐÞ¸´¶à¸ö²úÆ·ÖеÄ12¸öÎó²î¡£


ƾ֤ÒÔÉÏ×ÛÊö£¬±¾ÖÜÇå¾²ÍþвΪÖС£


>Ö÷ÒªÇå¾²Îó²îÁбí


1. Advantech WebAccess Node¶à¸öÕ»Òç³öÎó²î


Advantech WebAccess Node±£´æ¶à¸öÕ»Òç³öÎó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ÉʹӦÓóÌÐò±ÀÀ£»ò¿ÉÖ´ÐÐí§Òâ´úÂë¡£

https://www.us-cert.gov/ics/advisories/icsa-20-128-0


2. S.Siedle£¦Soehne SG 150-0 Smart Gateway±¸·Ý¹¦Ð§´úÂëÖ´ÐÐÎó²î


S.Siedle£¦Soehne SG 150-0 Smart Gateway±¸·Ý¹¦Ð§±£´æÇå¾²Îó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ÉÖ´ÐÐí§Òâ´úÂë¡£

https://research.hisolutions.com/2020/04/open-the-gates-insecurity-of-cloudless-smart-door-systems


3. IBM Data Risk Managerí§ÒâÎļþÏÂÔØÎó²î


IBM Data Risk Manager±£´æĿ¼±éÀúÎó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ÉÏÂÔØí§ÒâÎļþ¡£

https://www.ibm.com/support/pages/node/6206875


4. 3S-Smart Software Solutions CODESYS Runtime PLC_Task´úÂëÖ´ÐÐÎó²î


3S-Smart Software Solutions CODESYS Runtime PLC_Task¹¦Ð§±£´æÇå¾²Îó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ÉÖ´ÐÐí§Òâ´úÂë¡£

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003


5. Mozilla Firefox SCTP»º³åÇøÒç³öÎó²î


Mozilla Firefox ESR SCTP»º³åÇøÒç³öÎó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄWEBÇëÇó£¬ÓÕʹÓû§ÆÊÎö£¬¿ÉʹӦÓóÌÐò±ÀÀ£»òÕß¿ÉÖ´ÐÐí§Òâ´úÂë¡£

https://www.auscert.org.au/bulletins/ESB-2020.1600/


> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢¹È¸èÐû²¼ÁËÕë¶ÔAndroid OSµÄÇå¾²¸üУ¬ÐÞ¸´¶à¸öÎó²î

ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.securityweek.com/androids-may-2020-patches-fix-critical-system-vulnerability


2¡¢Èí¼þ¹«Ë¾SAPÐû²¼Æä²úÆ·±£´æÎó²î£¬»ò½«Ó°Ïì9£¥Óû§


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/sap-notifying-9-of-customers-about-security-bugs-in-some-cloud-products/


3¡¢ºÚ¿ÍÉù³ÆÈëÇÖMicrosoft GitHubÕÊ»§£¬²¢ÇÔÈ¡³¬500GBÊý¾Ý


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/microsofts-github-account-allegedly-hacked-500gb-stolen/


4¡¢ÈÎÌìÌÃÔâºÚ¿Í¹¥»÷£¬Ð¹Â¶°üÀ¨ÍêÕûÔ´´úÂëÔÚÄÚµÄ2TBÎļþ


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.videogameschronicle.com/news/a-full-mario-64-pc-port-has-been-released/


5¡¢Ë¼¿ÆÐû²¼Çå¾²¸üУ¬ÐÞ¸´¶à¸ö²úÆ·ÖеÄ12¸öÎó²î


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://threatpost.com/cisco-fixes-high-severity-flaws-in-firepower-security-software-asa/155568/