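Description:
In March 2023 (ROC year 112), CISA released 7 security advisories covering a total of 43 vulnerabilities. The vulnerability types include remote arbitrary code execution and directory traversal, and the highest CVSS score is 9.8.
Affected platforms:
The affected products for each security advisory are listed below. For the specific affected versions, refer to the advisory text on the official CISA website.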
| Advisory ID | Affected product |
| --- | --- |
| ICSA-23-080-01 | Keysight N6854A Geolocation Server and N6841A RF Sensor |
| ICSA-23-080-02 | Delta Electronics InfraSuite Device Master |
| ICSA-23-080-04 | Siemens RADIUS Client of SIPROTEC 5 Devices |
| ICSA-23-080-05 | VISAM VBASE Automation Base |
| ICSA-23-080-06 | Rockwell Automation ThinManager |
| ICSA-23-080-07 | Siemens SCALANCE Third-Party |
| ICSA-21-343-01 | Hitachi Energy GMS600, PWC600, and Relion (Update A) |
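Recommended actions:
The vendors have released fixes and mitigations for these vulnerabilities. Agencies should contact their system maintenance vendors, or refer to the CISA website and the corresponding security advisories: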
https://www.cisa.gov/news-events/alerts/2023/03/21/cisa-releases-eight-industrial-control-systems-advisories
CVE IDs:
CVE-2018-12886
CVE-2018-25032
CVE-2021-35534
CVE-2021-42373
CVE-2021-42374
CVE-2021-42375
CVE-2021-42376
CVE-2021-42377
CVE-2021-42378
CVE-2021-42379
CVE-2021-42380
CVE-2021-42381
CVE-2021-42382
CVE-2021-42383
CVE-2021-42384
CVE-2021-42385
CVE-2021-42386
CVE-2022-23395
CVE-2022-38767
CVE-2022-41696
CVE-2022-43512
CVE-2022-45121
CVE-2022-45468
CVE-2022-45876
CVE-2022-46286
CVE-2022-46300
CVE-2023-1133
CVE-2023-1134
CVE-2023-1135
CVE-2023-1136
CVE-2023-1137
CVE-2023-1138
CVE-2023-1139
CVE-2023-1140
CVE-2023-1141
CVE-2023-1142
CVE-2023-1143
CVE-2023-1144
CVE-2023-1145
CVE-2023-1399
CVE-2023-27855
CVE-2023-27856
CVE-2023-27857
References:
1. https://thehackernews.com/2023/03/cisa-alerts-on-critical-security.html?&web_view=true
2. https://www.cisa.gov/news-events/alerts/2023/03/21/cisa-releases-eight-industrial-control-systems-advisories
3. https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-01
4. https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02
5. https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-04
6. https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-05
7. https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-06
8. https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-07
9. https://www.cisa.gov/news-events/ics-advisories/icsa-21-343-01