Schneider Electric Alert
Warning date: 10 March 2022
Severity level: ● High
Warning number: 2022-4509
Target sector: All
Description:
Schneider Electric has issued several advisories addressing a number of vulnerabilities in the following products:
- EcoStruxure™ Control Expert (All versions including former Unity Pro)
- EcoStruxure™ Process Expert (All versions including former HDCS)
- SCADAPack RemoteConnect™ for x70 (All versions)
- EcoStruxure™ Process Expert (V2021 and prior)
- EcoStruxure™ Control Expert (V15.0 SP1 and prior)
- APC Smart-UPS Family and SmartConnect Family (see Security Notification for affected series and versions)
- Ritto Wiser™ Door (All versions)
- EcoStruxure™ Control Expert (All versions including former Unity Pro)
- EcoStruxure™ Process Expert (All versions including former HDCS)
- SCADAPack RemoteConnect™ for x70 (All versions)
- EcoStruxure™ Process Expert (All versions prior to V2021)
- EcoStruxure™ Control Expert (V15.1, V15.0 SP1, All versions prior to V15.0 SP1 including all versions of Unity Pro)
- EcoStruxure™ Process Expert (V2021, All versions including all versions of EcoStruxure Hybrid DCS)
- SCADAPack RemoteConnect™ for x70 (All versions)
- Modicon M580 CPU (All versions - part numbers BMEP* and BMEH*)
- Modicon M340 CPU (All versions - part numbers BMXP34*)
- IGSS Data Server: IGSSdataServer.exe (V15.0.0.22020 and prior)
- EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML (All Versions prior to SP8 (Version 01)V4.0.0.13)
- Easergy P40 Series model numbers with Ethernet option bit as Q, R, S (All PX4X firmware versions)
- spaceLYnk (V2.6.2 and prior)
- Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior)
- fellerLYnk (V2.6.2 and prior)
- ClearSCADA (All Versions)
- EcoStruxure GeoSCADA Expert 2019 (All Versions)
- Harmony/Magelis iPC Series (All Versions)
- Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4)
- Vijeo Designer Basic (All Versions prior to V1.2.1)
- M241/M251 (All Versions)
- EcoStruxure Machine Expert (All Versions)
- Harmony/Magelis HMISTU Series, HMIGTO Series, HMIGTU Series, HMIGTUX Series, HMIGK Series, HMISCU Series, Vijeo Designer (V6.2 SP11 Hotfix 3 and prior)
- Eurotherm E+PLC100 (All Versions)
- Eurotherm E+PLC400 (All Versions)
- Eurotherm E+PLC tools (All Versions)
- Easy Harmony ET6 HMIET Series (Vijeo Designer Basic V1.2.1 and later)
- Easy Harmony GXU HMIGXU Series (Vijeo Designer Basic V1.2.1 and later)
- Lexium ILE ILA ILS firmware version (V01.103 and prior)
- Altivar 32/320/340/600/900 Profinet Communication Module (All Versions)
- Altivar 32/320 and Lexium 32 Ethernet TCP/IP Communication Module (All Versions)
- Altivar 61/71 Profinet - Communication Card (All Versions)
Threats:
An attacker can exploit the vulnerabilities to do the following:
- Authentication bypass
- Buffer overflow
- Execution of malicious software
Preventive measures:
The Center recommends applying the preventive measures and updating the affected versions as soon as updates are released. Schneider Electric has published details for these advisories:
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-02
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-01
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-03
- https://download.schneider-electric.com/files?p_Doc_Ref=SESB-2021-347-01
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-01
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-04
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-175-01
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-01
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-02
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-03
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-06
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-06
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-217-01
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-225-01