Siemens Scalance W-700系列身份验证绕过漏洞(CVE-2013-4652)
Siemens Scalance W-700系列身份验证绕过漏洞(CVE-2013-4652)
发布日期:2013-07-31
更新日期:2013-08-02
受影响系统:
Siemens Scalance W-700 Series SCALANCE W788-1PRO, W788-2PRO,
Siemens Scalance W-700 Series SCALANCE W786-1PRO, W786-2PRO,
Siemens Scalance W-700 Series SCALANCE W784-1, W784-1RR
Siemens Scalance W-700 Series SCALANCE W744-1PRO, W746-1PRO,
Siemens Scalance W-700 Series SCALANCE W744-1, W746-1, W747-
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 61540
CVE(CAN) ID: CVE-2013-4652
Siemens Scalance W-700系列设备是无线通讯设备。
Siemens Scalance W-700系列固件版本4.5.4之前版本的命令行管理接口存在错误,可被利用通过SSH或telnet访问受影响系统。
<*来源:vendor
链接:http://www.securelist.com/en/advisories/54168
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-1
*>
建议:
--------------------------------------------------------------------------------
厂商补丁:
Siemens
-------
Siemens已经为此发布了一个安全公告(siemens_security_advisory_ssa-120908.pdf)以及相应补丁:
siemens_security_advisory_ssa-120908.pdf:SSA-120908: Vulnerabilities in Siemens Scalance W-7xx (a/b/g) Product Family
链接:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-1
补丁下载:http://support.automation.siemens.com/WW/view/en/77427398
评论暂时关闭