[Important Rumor Rebuttal] Clarification and Explanation Regarding the CODESYS Security Vulnerabilities Reported Online

    Posted on 2018-1-19 08:25:40
    High Security standards for CODESYS
    Kempten, January 2018: Recently found and reported vulnerabilities in CODESYS have been known and fixed for years.
    Thanks to the comprehensive capabilities of the leading IEC 61131-3 system CODESYS, the tool is used in many industrial controls from different manufacturers worldwide. The system is also popular in China.
    Recently, Security researchers have pointed out Security vulnerabilities in CODESYS and published them in a defamatory way in Chinese media. The researchers stated that by exploiting these vulnerabilities, controllers programmable with CODESYS V2.3 could be deliberately brought to a crash, or their data accessed without authorization.
    3S-Smart Software Solutions as a manufacturer of CODESYS has thoroughly examined the factual content of these reports. It turned out that the mentioned vulnerabilities are no longer relevant. They were detected in 2012 and 2016 and fixed immediately. Updated versions of the CODESYS Control runtime system were delivered to the device manufacturers - along with the urgent recommendation to integrate these Security updates into the affected devices as soon as possible.
    The integration of the runtime system is the responsibility of the respective device manufacturers and cannot be carried out by 3S-Smart Software Solutions. Moreover, all users of automation devices should strictly adhere to the usual Security recommendations at all times. More specifically, available Security updates are to be implemented immediately, any relevant warnings are to be observed. The CODESYS Security White Paper summarizes important notes and can be downloaded from the 3S-Smart Software Solutions website. Alternatively, contact the 3S team in China as soon as possible at sales@codesys.cn.
    3S-Smart Software Solutions takes all aspects of CODESYS Security very seriously and has introduced processes and procedures that have already proven successful in the world of IT software. This includes numerous Security features in the current generation of the CODESYS V3 software, such as user administration at various levels, encryption/signing of data and communication via dongle or with proven technologies such as TLS or X.509 certificates. CODESYS users can thus, for example, secure production processes based on the same technologies that have become standard in online banking. In addition, 3S-Smart Software Solutions has established transparent processes for publishing and resolving Security vulnerabilities: Security advisories are publicly accessible on our company's website. The corresponding Security patches can be downloaded from the CODESYS Store. (The Chinese website will be officially launched in the first half of 2018 and will be updated in step with the official website.) For years, the company has been cooperating with relevant authorities such as ICS-CERT (USA) or BSI (Germany) in the case of newly found vulnerabilities.
