中文描述:

Siemens SIPROTEC 5 6MD84等都是德国西门子（Siemens）公司的一款继电器设备。 Siemens多款产品存在安全漏洞，该漏洞源于未限制本地USB端口带宽，可能导致拒绝服务攻击。以下产品及版本受到影响：SIPROTEC 5 6MD84、SIPROTEC 5 6MD85、SIPROTEC 5 6MD86、SIPROTEC 5 6MD89、SIPROTEC 5 6MU85、SIPROTEC 5 7KE85、SIPROTEC 5 7SA82、SIPROTEC 5 7SA86、SIPROTEC 5 7SA87、SIPROTEC 5 7SD82、SIPROTEC 5 7SD86、SIPROTEC 5 7SD87、SIPROTEC 5 7SJ81、SIPROTEC 5 7SJ82、SIPROTEC 5 7SJ85、SIPROTEC 5 7SJ86、SIPROTEC 5 7SK82、SIPROTEC 5 7SK85、SIPROTEC 5 7SL82、SIPROTEC 5 7SL86、SIPROTEC 5 7SL87、SIPROTEC 5 7SS85、SIPROTEC 5 7ST85、SIPROTEC 5 7ST86、SIPROTEC 5 7SX82、SIPROTEC 5 7SX85、SIPROTEC 5 7SY82、SIPROTEC 5 7UM85、SIPROTEC 5 7UT82、SIPROTEC 5 7UT85、SIPROTEC 5 7UT86、SIPROTEC 5 7UT87、SIPROTEC 5 7VE85、SIPROTEC 5 7VK87、SIPROTEC 5 7VU85和SIPROTEC 5 Compact 7SX800 V10.0之前版本。

英文描述:

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V10.0), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA82 (CP150) (All versions < V10.0), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD82 (CP150) (All versions < V10.0), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ81 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ82 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SK82 (CP150) (All versions < V10.0), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL82 (CP150) (All versions < V10.0), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7ST85 (CP300) (All versions < V10.0), SIPROTEC 5 7ST86 (CP300) (All versions < V10.0), SIPROTEC 5 7SX82 (CP150) (All versions < V10.0), SIPROTEC 5 7SX85 (CP300) (All versions < V10.0), SIPROTEC 5 7SY82 (CP150) (All versions < V10.0), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT82 (CP150) (All versions < V10.0), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VU85 (CP300) (All versions < V10.0), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V10.0). Affected devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to any network traffic via the local USB port. Affected devices reset themselves automatically after a successful attack. The protection function is not affected of this vulnerability.

CWE类型:

标签:

中文解决方案:

英文解决方案:

临时解决方案:

发布时间:

修改时间:

创建时间:

更新时间:

当前版本: v3

主要语言: EN

支持语言: