CNVD-2018-01794 — Vulnetix

CNVD-2018-01794 PUBLISHED

SIEMENS楼宇自控系统Desigo PX可编程自动化站提供灵活的解决方案，能够发出报警信号、基于时间的日志记录程序和趋势，可随时修改或扩展。 Siemens DESIGO PX固件存在文件上传漏洞，未经身份验证的远程攻击者利用该漏洞上传恶意固件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Affected Products

Vendor	Product	Versions
	Siemens Desigo Automation Controllers PXC00/64/128-U with Web module <6.00.204
	Siemens Desigo Operator Unit PXM20-E <6.00.204
	Siemens Desigo Automation Controllers Modular PXC00/50/100/200-E.D <6.00.204
	Siemens Desigo Automation Controllers Compact PXC12/22/36-E.D <6.00.204

Timeline

Jan 25, 2018 CVE ID Reserved
Jan 25, 2018 CVE Published

References

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-824231.pdf url

Open in Interactive Console →