銆愰噸瑕佽緹璋ｃ��--鍏充簬缃戜笂CODESYS瀹夊叏婕忔礊鐨勬緞娓呭拰璇存槑

admin

                                                                                                   

High Security standards for CODESYSCODESYS鐨勯珮瀹夊叏鏍囧噯
Kempten, January 2018:Recently found and reported vulnerabilities in CODESYS have been known andfixed for years. 鏉ヨ嚜CODESYS鎬婚儴锛岃偗鏅�婊曪紝2018骞�1鏈堬細鏈�杩戝湪缃戠粶涓�娴佽�岀殑CODESYS涓�鍙戠幇鍜屾姤鍛婄殑婕忔礊涓哄�氬勾鍓嶅凡鐭ュ苟宸蹭慨澶嶇殑闂�棰樸��
Thanks to the comprehensive capabilities of the leading IEC 61131-3 system CODESYS, the tool is used in many industrial controls from different manufacturers worldwide. The system is also popular in China.CODESYS鏄�鍏ㄧ悆棰嗗厛鐨勬帶鍒剁郴缁熶互鍙婅嚜鍔ㄥ寲琛屼笟杞�浠跺紑鍙戝伐鍏凤紝瀹冪�﹀悎IEC61131-3鏍囧噯锛屾�ц兘鍗撹秺锛屽湪鍏ㄤ笘鐣屽緢澶氫笉鍚屽埗閫犲晢鐨勫伐涓氭帶鍒朵腑寰椾互搴旂敤銆傝�ヨ蒋浠跺湪涓�鍥戒篃搴旂敤骞挎硾銆�
Recently, Security researchers have pointed out Security vulnerabilities in CODESYS and published them in a defamatory way in Chinese media. The researchers stated that by exploiting these vulnerabilities, controllers programmable with CODESYS V2.3could be deliberately brought to a crash, or their data accessed without authorization. 鏈�杩戯紝鏈夐潪瀹樻柟浜哄憳鎸囧嚭CODESYS涓�瀛樺湪瀹夊叏婕忔礊锛屽苟鐢ㄨ�借挨鎬х殑鏂瑰紡鍙戝竷鍦ㄤ腑鍥界殑閮ㄥ垎濯掍綋涓娿�傝繖浜涙姤閬撳０绉帮紝鍒╃敤杩欎簺婕忔礊锛屽彲钃勬剰浣緾ODESYSV2.3锛�2.3鐗堟湰锛夊紑鍙戠殑鍙�缂栫▼鐨勬帶鍒跺櫒宕╂簝锛屾垨鑰呮湭缁忔巿鏉冭�块棶杩欎簺鎺у埗鍣ㄧ殑鏁版嵁銆�
3S-Smart Software Solutions as a manufacturer of CODESYS has thoroughly examined the factual content of these reports. It turned out that the mentioned vulnerabilities are no longer relevant. They were detected in 2012 and 2016 and fixed immediately. Updated versions of the CODESYS Control runtime system were delivered to the device manufacturers - along with the urgent recommendation to integrate these Security updates into the affected devices as soon as possible. 浣滀负CODESYS鐨勫埗閫犲晢锛屽痉鍥�3S杞�浠舵湁闄愬叕鍙镐粩缁嗘��鏌ヤ簡杩欎簺鎶ラ亾鐨勫疄闄呭唴瀹癸紝骞跺彂鐜板叾鎵�鎻愬強鐨勬紡娲炴棭宸叉病鏈夋剰涔変簡銆傚洜涓猴紝鏃╁湪2012骞村拰2016骞达紝鍏�鍙稿氨宸叉煡鍑鸿繖浜涙紡娲烇紝骞跺湪鏌ュ嚭鍚庣珛鍗宠繘琛屼慨澶嶄笖淇�澶嶅畬鎴愩�傚痉鍥�3S杞�浠舵湁闄愬叕鍙镐篃鏃╁凡灏咰ODESYS Control杩愯�屽疄鏃剁郴缁熺殑鏇存柊鐗堟湰鎻愪氦缁欎簡鍚勮�惧�囧埗閫犲晢锛屽苟绱ф�ュ憡鐭ヤ粬浠�灏嗚繖浜涘畨鍏ㄦ洿鏂伴泦鎴愬埌鍙楁紡娲炲奖鍝嶇殑璁惧�囦腑銆�
The integration of theruntime system is the responsibility of the respective device manufacturers andcannot be carried out by 3S-Smart Software Solutions. Moreover, all users ofautomation devices should strictly adhere to the usual Security recommendationsat all times. More specifically, available Security updates are to beimplemented immediately, any relevant warnings are to be observed. The CODESYSSecurity White Paper summarizes important notes and can be downloaded from the3S-Smart Software Solutions website.浣嗛渶寮鸿皟鐨勬槸锛岃繍琛屽疄鏃剁郴缁熺殑闆嗘垚鏄�鍚勪釜璁惧�囧埗閫犲晢鐨勮矗浠伙紝3S杞�浠舵湁闄愬叕鍙告槸鏃犳硶浠ｆ浛瀹冧滑瀹炴柦鐨勩�傝�屼笖锛屾垜浠�鎻愰啋锛氭墍鏈夎嚜鍔ㄥ寲璁惧�囩殑鐢ㄦ埛閮藉繀椤绘椂鍒婚伒瀹堟�ｅ父瀹夊叏寤鸿��銆傛洿鍏蜂綋鍦拌�达紝宸叉彁渚涚殑瀹夊叏鏇存柊鍜岃ˉ涓佸繀椤荤珛鍗冲簲鐢�锛屼换浣曠浉鍏崇殑璀﹀憡蹇呴』寰楀埌閲嶈�嗐�侰ODESYS瀹夊叏鐧界毊涔︽�荤粨浜嗛噸瑕佺殑浜嬮」锛屽彲浠ヤ粠寰峰浗3S杞�浠舵湁闄愬叕鍙哥綉绔欎笂涓嬭浇銆�(鐐瑰嚮鏂囩珷涓嬫柟闃呰�诲師鏂囧彲涓嬭浇CODESYS瀹夊叏鐧界毊涔�)鎴栧敖蹇�鑱旂郴涓�鍥�3S鍥㈤槦 sales@codesys.cn
3S-Smart Software Solutions takes all aspects of CODESYS Security very seriously and has introduced processes and procedures that have already proven successful in the world of IT software. This includes numerous Security features in the current generation of the CODESYS V3 software, such as user administration at various levels,encryption/signing of data and communication via dongle or with proven technologies such as TLS or X. 509 certificates. CODESYS users can thus, for example, secure production processes based on the same technologies that have become standard in online banking. In addition, 3S-Smart Software Solutions has established transparent processes for publishing and resolving Security vulnerabilities: Security advisories are publicly accessible on our company's website. The corresponding Security patches can be downloaded from the CODESYSStore. For years, the company has been cooperating with relevant authoritiessuch as ICS-CERT (USA) or BSi (Germany) in the case of newly foundvulnerabilities.3S杞�浠舵湁闄愬叕鍙稿�笴ODESYS瀹夊叏鐨勬柟鏂归潰闈㈤兘闈炲父閲嶈�嗭紝骞跺紩鍏ヤ簡IT杞�浠剁晫鎴愬姛鐨勬祦绋嬪拰绋嬪簭銆傚湪鏂颁竴浠�CODESYSV3锛堢��3鐗堟湰锛夎蒋浠朵腑锛屽紩鍏ヤ簡澶ч噺瀹夊叏鐗规�э紝姣斿�備粠鍚勪釜绾у埆瀵圭敤鎴风殑绠＄悊锛屾暟鎹�鍔犲瘑/鏁版嵁绛惧悕锛屼互鍙婄敤鍔犲瘑鐙楁垨鑰呭儚TLS锛堝畨鍏ㄤ紶杈撳眰鍗忚��锛夋垨X.509璇佷功杩欐牱鐨勬垚鐔熸妧鏈�杩涜�岄�氳��銆備妇涓�渚嬪瓙锛屽洜涓烘湁浜嗚繖浜涘畨鍏ㄧ壒鎬э紝CODESYS鐨勭敤鎴峰氨鍙�浠ヤ繚璇佷粬浠�鐢熶骇娴佺▼鐨勫畨鍏�锛岃�岀敤鍒扮殑杩欎簺鎶�鏈�姝ｆ槸澶у�舵墍鐔熺煡鐨勶紝宸茬粡鎴愪负缃戜笂閾惰�屾爣鍑嗙殑淇℃伅瀹夊叏鎶�鏈�銆傛�ゅ�栵紝3S杞�浠舵湁闄愬叕鍙稿凡缁忓缓绔嬩簡鍙戝竷鍜岃В鍐冲畨鍏ㄦ紡娲炵殑閫忔槑娴佺▼锛氬畨鍏ㄥ叕鍛婁細鍏�寮�鍙戝竷鍦ㄦ垜鍏�鍙哥綉绔欎笂锛岀浉搴旂殑瀹夊叏琛ヤ竵鍙�浠嶤ODESYS鍟嗗簵涓嬭浇銆傦紙涓�鍥界綉绔欏皢鍦�2018骞翠笂鍗婂勾姝ｅ紡鍙戝竷锛屽苟闅忕潃瀹樼綉鏇存柊鑰屾洿鏂帮級銆傚�氬勾鏉ワ紝鍦ㄥ彂鐜版柊婕忔礊鐨勬椂鍊欙紝鎴戜滑浼氬拰ICS-CERT锛堢編鍥藉伐鎺х郴缁熺綉缁滃簲鎬ュ搷搴斿皬缁勶級鎴栬�匓Si锛堣嫳鍥芥爣鍑嗗崗浼�-寰峰浗缁勭粐锛夌瓑鐩稿叧閮ㄩ棬鍚堜綔瑙ｅ喅銆�