Schneider Electric Alert
Warning date: 16 June, 2022
Severity level: High
Warning number: 2022-4955
Target sector: All
Description:
Schneider Electric has issued several advisories to address a number of vulnerabilities in the following products:
- EcoStruxure™ Control Expert
- Version 15.0 SP1 and prior
- EcoStruxure™ Process Expert
- Version 2021 and prior
- SCADAPack RemoteConnect™ for x70
- All Versions prior to R2.7.3
- SMT Series
- SMC Series
- SCL Series
- SMX Series
- SRT Series
- SRTL Series: SRTL1000RMXLI, SRTL1000RMXLI-NC, SRTL1500RMXLI, SRTL1500RMXLI-NC, SRTL2200RMXLI, SRTL2200RMXLI-NC, SRTL3000RMXLI, SRTL3000RMXLI-NC
- SRC Series
- XU Series
- XP Series
- CHS2 Series
- SURTD Series
- SMT Series
- SMC Series
- SMTL Series
- SCL Series
- SMX Series
- EcoStruxure Power Build: Rapsody Software
- Versions prior to Version 2.1.13
- Easergy C5x (C52/C53)
- Easergy MiCOMP30 range, model P439
- Easergy P5
- EPC2000
- EPC3000
- Easy Harmony ET6 (HMIET Series)
- Easy Harmony GXU (HMIGXU Series)
- Eurotherm E+PLC100
- Eurotherm E+PLC400
- Eurotherm Eycon 10/20 Visual Supervisor
- Eurotherm T2550 PAC
- Eurotherm T2750 PAC
- Harmony/Magelis, HMIGTU Series, HMIGTUX Series, HMIGK Series
- HMISCU
- JACE-8000
- MiCOM C264
- Modicon M241/M251 Logic Controllers
- Modicon M262 Logic Controllers
- Modicon M258/LMC058 Logic Controllers
- Modicon M340 CPU (BMXP34*)
- Modicon Quantum CPU and Communication Modules
- Modicon Premium CPU and Communication Modules
- Nanodac
- PacDrive Eco/Pro/Pro2 Logic Controllers
- PacDrive M
- PowerLogic ION7400
- PowerLogic PM8000
- PowerLogic ION9000
- Pro-face SP-5B00, SP-5B10, SP-5B90, ST6000 Series (GP-ProEX model), ET6000 Series
- SCD6000 Industrial RTU
- SAGE RTU CPU C3414
- EcoStruxure™ Cybersecurity Admin Expert (CAE)
- Versions 2.2 and prior
- CanBRASS
- Versions prior to V7.5.1
- Schneider Electric C-Bus Network Automation Controller, LSS5500NAC
- Electric Wiser for C-Bus Automation Controller, LSS5500SHAC
- Clipsal C-Bus Network Automation Controller, 5500NAC V1.10.0
- Clipsal Wiser for C-Bus Automation Controller, 5500SHAC
- SpaceLogic C-Bus Network Automation Controller, 5500NAC2
- SpaceLogic C-Bus Application Controller, 5500AC2
- EcoStruxure Power Commission
- Versions prior to V2.22
- StruxureWare Data Center Expert
- Versions prior to V7.9.0
- Conext™ ComBox
- Geo SCADA Mobile
- IGSS Data Server (IGSSdataServer.exe)
- Versions prior to Version 15.0.0.22139
Threats:
An attacker can exploit the vulnerabilities to do the following:
- Execute malicious software
- Cross-site scripting (XSS)
- Buffer overflow
- Authentication bypass
Preventive measures:
The center recommends updating the affected products. Schneider Electric has published details of these updates:
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-067-02_APC_Smart-UPS_Security_Notification_V4.0_EN.pdf&_ga=2.103360900.586404113.1655273327-562376022.1654153326
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-067-01_EcoStruxure_Control_Expert_and_EcoStruxure_Process_Expert_Security_Notification_V2.0.pdf&_ga=2.60827048.586404113.1655273327-562376022.1654153326
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-012-02_EcoStruxure_Power_Build_Rapsody_Security_Notification_V2.0.pdf&_ga=2.30762555.586404113.1655273327-562376022.1654153326
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V8.0.pdf&_ga=2.232607131.586404113.1655273327-562376022.1654153326
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-08_Cybersecurity_Admin_Expert_Security_Notification.pdf&_ga=2.60851880.586404113.1655273327-562376022.1654153326
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-07_CanBRASS_Security_Notification.pdf&_ga=2.34545957.586404113.1655273327-562376022.1654153326
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-06_C-Bus_Home_Automation_Products_Security_Notification.pdf&_ga=2.265699723.586404113.1655273327-562376022.1654153326
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-05_EcoStruxure_Power_Commission_Security_Notification.pdf&_ga=2.929461.586404113.1655273327-562376022.1654153326
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_%20StruxureWare_Data_Center_Expert_Security_Notification.pdf&_ga=2.31343035.586404113.1655273327-562376022.1654153326
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-03_ConextCombox_Security_Notification.pdf&_ga=2.106259079.586404113.1655273327-562376022.1654153326
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-02_Geo_SCADA_Android_App_Security_Notification.pdf&_ga=2.106259079.586404113.1655273327-562376022.1654153326
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification.pdf&_ga=2.65612458.586404113.1655273327-562376022.1654153326