3S CoDeSys杩愯�屾椂宸ュ叿鍖呯┖鎸囬拡寮曠敤

3xcontrol

鍘熸枃鍦板潃锛�http://ics-cert.us-cert.gov/advisories/ICSA-14-030-01
璇戞枃鍦板潃锛�http://www.ics-cert.com.cn/?p=195
璇戞枃鍦板潃锛�http://blog.csdn.net/icscert/article/details/21749007
璇戞枃浣滆�咃細ICS-CERT

姒傝堪
鐙�绔嬬爺绌惰�匩icholasMiles鍙戠幇浜哠mart SoftwareSloutions(3S) CoDeSys杩愯�屾椂宸ュ叿鍖呯殑绌烘寚閽堝紩鐢ㄦ紡娲炪��3S宸茬粡鍙戝竷浜嗘洿鏂帮紝淇�姝ｈ繖涓�婕忔礊銆侼icholas Miles宸茬粡娴嬭瘯浜嗘洿鏂帮紝纭�璁ゆ紡娲炲凡缁忎慨姝ｄ簡銆�
杩欎竴婕忔礊鍙�浠ヨ��杩滅▼鍒╃敤銆�
褰卞搷浜у搧
濡備笅鐗堟湰鐨凜oDeSys鍙楀奖鍝嶏細

• CoDeSys杩愯�屾椂宸ュ叿鍖匳2.4.7.44浠ュ墠鐗堟湰
  

褰卞搷鑼冨洿
濡傛灉琚�鍒╃敤锛屾敾鍑昏�呰兘澶熻繙绋嬪埄鐢ㄦ�ゆ紡娲炲�艰嚧杩愯�屾椂宸ュ叿搴旂敤绋嬪簭涓�鐨勭郴缁熷穿婧冦��
瀵逛簬姣忎釜缁勭粐鏈烘瀯鐨勫奖鍝嶅彇鍐充簬姣忎釜缁勭粐鐗规湁鐨勫�氭柟闈㈠洜绱犮�侼CCIC/ICS-CERT寤鸿��鍚勭粍缁囨満鏋勫熀浜庤嚜韬�鐨勬搷浣滅幆澧冦�佹灦鏋勫拰浜у搧鎯呭喌鏉ヨ瘎浼拌繖浜涙紡娲炰骇鐢熺殑褰卞搷銆�
鑳屾櫙
3S鏄�涓�涓�寰峰浗鐨勫叕鍙革紝鍦ㄥ痉鍥藉拰鍖椾含璁炬湁鍔炰簨鏈烘瀯銆�3S寮�鍙戣蒋浠跺簲鐢ㄤ簬鍚勭�嶅悇鏍风殑鍙�缂栫▼鎺у埗鍣ㄥ拰宸ヤ笟鎺у埗鍣ㄣ��3S涔熷紑鍙戝彲瑙嗗寲搴旂敤绋嬪簭锛堜汉鏈虹晫闈�锛夛紝宸ョ▼妗岄潰缂栫▼骞冲彴锛屽畨鍏ㄦā鍧楀拰鐜板満鎺у埗鍣ㄣ��
鍙楀奖鍝嶇殑浜у搧锛孋oDeSys杩愯�屾椂宸ュ叿锛屾槸宓屽叆鍦ㄧ��涓夋柟鐨勮蒋浠朵腑锛岃繖浜涜蒋浠跺簲鐢ㄤ簬鍚勭�嶅悇鏍风殑鍘傚晢鐨凷CADA绯荤粺涓�銆傛嵁3S鐨勬秷鎭�锛孋oDeSys鐨勯儴缃茶法澶氫釜琛屼笟锛屽寘鎷�鍏抽敭鍒堕�犮�佹ゼ瀹囪嚜鍔ㄥ寲銆佽兘婧愩�佷氦閫氱瓑绛夈��3S浼拌�★紝杩欎簺浜у搧搴旂敤鍦ㄥ叏鐞冭寖鍥淬��
婕忔礊鐗瑰緛
婕忔礊姒傝堪
绌烘寚閽堝紩鐢�a
CoDeSys杩愯�屾椂宸ュ叿涓�鐨勪竴涓�鎸囬拡锛屽笇鏈涘叾鍊兼槸鏈夋晥鐨勶紝浣嗘槸杩欎竴鎸囬拡鐨勫�间负NULL銆傞�氳繃寮曠敤杩欎竴绌烘寚閽堬紝鏀诲嚮鑰呰兘澶熶娇杩愯�屾椂宸ュ叿宕╂簝銆�
杩欎竴婕忔礊琚�瀹氫箟涓篊VE-2014-0757b銆侰VSS v2鐨勫垎鏁颁负4.3锛孋VSS鍚戦噺瀛楃�︿覆涓�(AV:N/AC:M/Au:N/C:N/I:N/A:C).c
婕忔礊璇︾粏淇℃伅
鍙�鍒╃敤鎬�
鏈�婕忔礊鍙�浠ヨ��杩滅▼鍒╃敤
Exp浠ｇ爜
鐩�鍓嶈繕娌℃湁鍙戠幇閽堝�规�ゆ紡娲炵殑Exp浠ｇ爜琚�鍏�甯冨嚭鏉ャ��
闅惧害
鍏锋湁涓�绛夋妧鏈�姘村钩鐨勬敾鍑昏�呭彲浠ュ埄鐢ㄦ�ゆ紡娲炪��
瑙ｅ喅鍔炴硶
3S宸茬粡鍙戝竷浜嗘洿鏂帮紝鍙�浠ュ湪3S CODESYS鐨勭殑涓嬭浇椤典笅杞斤細
http://www.codesys.com/support-training/self-help/downloads-updates.html
璇疯仈绯籆ODESYS鏀�鎸佷腑蹇冩潵浜嗚В鏇存柊鐨勯�濆�栦俊鎭�銆�
NCCIC/ICS-CERT榧撳姳鎵�鏈夎�呴噰鍙栭�濆�栫殑鎺�鏂芥潵淇濇姢杩欎簺椋庨櫓鍙婂叾浠栫殑瀹夊叏椋庨櫓銆�

• 灏藉彲鑳界殑灏戞毚闇叉帶鍒剁郴缁熻�惧�囨垨绯荤粺鑷�韬�鐨勭綉缁滐紝骞剁‘淇濅粬浠�涓嶈��浜掕仈缃戣�块棶銆�
• 鍦ㄦ湰鍦版帶鍒剁郴缁熺綉缁滃拰杩滅▼璁惧�囦箣闂撮儴缃查槻鐏�澧欙紝骞跺皢鎺у埗缃戠粶涓庝紒涓氱綉缁滈殧绂汇��
• 濡傛灉闇�瑕佽繙绋嬭�块棶锛岄噰鐢ㄥ畨鍏ㄧ殑鏂规硶锛屼緥濡俈PN锛孷PN琚�璁や负鏄�鍞�涓�瀹夊叏鐨勮�块棶鏂瑰紡銆�
  

NCCIC/ICS-CERT褰撶劧杩樻彁渚涗簡閽堝�瑰伐涓氭帶鍒朵俊鎭�瀹夊叏鏂归潰鐨勫缓璁�鍦ㄦ�よ矾寰勪笅
http://ics-cert.us-cert.gov/content/recommended-practices.
寰堝�氬缓璁�鏄�鍙�浠ヨ�荤殑锛屽苟涓斿彲浠ヤ笅杞斤紝鍖呮嫭銆婇噰鐢ㄧ旱娣遍槻寰＄瓥鐣ユ潵鎻愰珮宸ヤ笟鎺у埗绯荤粺淇℃伅瀹夊叏銆嬨�侼CCIC/ICS-CERT 寤鸿��鍚勯儴闂ㄨ繘琛屽湪閮ㄧ讲瀹夊叏闃插尽鏃讹紝鍏堥�傚綋鐨勮繘琛屽畨鍏ㄥ垎鏋愬拰椋庨櫓璇勪及銆�
鍏朵粬鐩稿叧鐨勮В鍐虫柟妗堟寚瀵煎拰寤鸿��鍙戝竷鍦ㄤ簡NCCIC/ICS-CERT鐨勬妧鏈�淇℃伅鏂囩珷涓婏紝ICS-TIP-12-146-01Bg锛岃�ユ枃绔犲彲浠ュ湪NCCIC/ICS-CERT鐨勭綉绔欎笂涓嬭浇銆�
鍚勭粍缁囨満鏋勫�傛灉鍙戠幇浜嗕竴浜涙湁鎭舵剰瀚岀枒鐨勭▼搴忥紝鍙�浠ュ皢鍏舵姤鍛婄粰NCCIC/ICS-CERT鏉ヨ窡韪�鍜屽�瑰簲杩欎簺鎰忓�栥��
鍙傝�冩枃妗�

• a.CWE-476: NULL Pointer Dereference, http://cwe.mitre.org/data/definitions/476.html, Web site last accessed January 30, 2014.
• b.NVD, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0757, NIST uses this advisory to create the CVE Web site report. This Web site will be active sometime after publication of this advisory.
• c.CVSS Calculator, http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:C, Web site last accessed January 30, 2014.