本月国家信息安全漏洞共享平台(以下简称CNVD)收集整理信息安全漏洞的基本情况如下:
收集整理信息安全漏洞2154个,其中高危漏洞885个,中危漏洞1120个,低危漏洞149个。上述漏洞中,可被利用来实施远程网络攻击的漏洞有1855个。
1. 本月漏洞信息
1.1重要漏洞信息
本月CNVD收集和整理的漏洞信息中,对国内用户广泛使用的信息系统和应用程序影响较大的重要漏洞列表如表1所示。
|
序号 |
漏洞名称 |
编号及影响产品信息 |
影响描述 |
|
|
|
3 |
Siemens多款产品存在安全漏洞 |
CNVD编号 |
CNVD-2023-97252、CNVD-2023-97255 CNVD-2023-97257、CNVD-2023-97256 CNVD-2023-97258、CNVD-2023-97269 CNVD-2023-97270、CNVD-2023-97273 CNVD-2023-97274、CNVD-2023-97276 |
本月,Siemens多款产品存在安全漏洞。攻击者可利用该漏洞允许注入自定义创建的密钥对的公钥,然后由产品CA进行签名。生成自定义证书允许与相同版本的任何设备进行通信和模拟,导致拒绝服务条件,或者可能在系统执行命令,截获发送到UMC服务器的凭据,并操纵响应,从而升级权限等。本月漏洞包括:Siemens SINEC INS拒绝服务漏洞(CNVD-2023-97252)、Siemens SINEC INS操作系统命令注入漏洞、Siemens SCALANCE M-800/S615系列操作系统命令注入漏洞、Siemens SINEC INS证书验证不当漏洞、Siemens SCALANCE M-800/S615系列操作系统命令注入漏洞、Siemens多款产品Web服务器拒绝服务漏洞(CNVD-2023-97269、CNVD-2023-97270)、Siemens工业产品Web服务器拒绝服务漏洞、Siemens SINUMERIK ONE和SINUMERIK-MC拒绝服务漏洞、Siemens User Management Component (UMC)经典缓冲区溢出漏洞等。 |
|
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
其他编号 |
CVE-2023-48431、CVE-2023-48428 CVE-2023-49692、CVE-2023-48427 CVE-2023-49691、CVE-2022-47375 CVE-2022-47374、CVE-2023-38380 CVE-2023-46156、CVE-2023-46283 |
|
|||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
发布时间 |
2023-12-14 |
|
|||
|
影响产品 |
Siemens SINEC INS Siemens RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) Siemens RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) Siemens SCALANCE M804PB (6GK5804-0AP00-2AA2) Siemens SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) Siemens SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) Siemens SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) Siemens SCALANCE M874-2 (6GK5874-2AA00-2AA2) Siemens SCALANCE M874-3 (6GK5874-3AA00-2AA2) Siemens SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) Siemens SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) Siemens SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) Siemens SCALANCE M876-4 (6GK5876-4AA10-2BA2) Siemens SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) Siemens SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) Siemens SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) Siemens SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) Siemens SCALANCE S615 (6GK5615-0AA00-2AA2) Siemens SCALANCE S615 EEC (6GK5615-0AA01-2AA2) Siemens SCALANCE M804PB (6GK5804-0AP00-2AA2) Siemens SIMATIC S7-400 CPU 412-2 PN V7 (6ES7412-2EK07-0AB0) Siemens SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0) Siemens SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES7414-3FM07-0AB0) Siemens SIMATIC S7-400 CPU 416-3 PN/DP V7 (6ES7416-3ES07-0AB0) Siemens SIMATIC S7-400 CPU 416F-3 PN/DP V7 (6ES7416-3FS07-0AB0) Siemens SIPLUS S7-400 CPU 414-3 PN/DP V7 (6AG1414-3EM07-7AB0) Siemens SIPLUS S7-400 CPU 416-3 PN/DP V7 (6AG1416-3ES07-7AB0) Siemens SIMATIC PC-Station Plus Siemens SINAMICS S120 (incl. SIPLUS variants) Siemens SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) Siemens SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) Siemens SIMATIC CP 1243-1 (incl. SIPLUS variants) Siemens SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) Siemens SIMATIC CP 1243-7 LTE Siemens SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) Siemens SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) Siemens SINAMICS S210 (6SL5...) Siemens SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) Siemens LOGO! 12/24RCE (6ED1052-1MD08-0BA1) Siemens LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) Siemens LOGO! 24CEo (6ED1052-2CC08-0BA1) Siemens LOGO! 24RCE (6ED1052-1HB08-0BA1) Siemens LOGO! 24RCEo (6ED1052-2HB08-0BA1) Siemens LOGO! 230RCE (6ED1052-1FB08-0BA1) Siemens LOGO! 230RCEo (6ED1052-2FB08-0BA1) Siemens SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) Siemens SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) Siemens SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) Siemens SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) Siemens SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) Siemens SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) Siemens SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) Siemens SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) Siemens SINUMERIK ONE Siemens SINUMERIK MC Siemens Totally Integrated Automation Portal (TIA Portal) V16 Siemens SIMATIC PCS neo Siemens Opcenter Quality Siemens SINUMERIK Integrate RunMyHMI /Automotive |
|
|||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
4 |
Adobe多款产品存在安全漏洞 |
CNVD编号 |
CNVD-2023-94489、CNVD-2023-94490CNVD-2023-95449、CNVD-2023-95448CNVD-2023-95446、CNVD-2023-95451CNVD-2023-95450、CNVD-2023-95527CNVD-2023-99989、CNVD-2023-99993 |
本月,Adobe多款产品存在安全漏洞。攻击者可利用该漏洞在当前用户的上下文中执行代码等。本月漏洞包括:Adobe ColdFusion代码执行漏洞(CNVD-2023-94489、CNVD-2023-94490)、Adobe Premiere Pro越界读取漏洞(CNVD-2023-95449、CNVD-2023-95448)、Adobe Premiere Pro释放后重用漏洞、Adobe Premiere Pro缓冲区溢出漏洞(CNVD-2023-95451)、Adobe Premiere Pro越界写入漏洞(CNVD-2023-95450)、Adobe Photoshop越界写入漏洞(CNVD-2023-95527)、Adobe After Effects缓冲区溢出漏洞(CNVD-2023-99989)、Adobe Illustrator缓冲区溢出漏洞(CNVD-2023-99993)等。 |
|
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
其他编号 |
CVE-2023-44350、CVE-2023-44351 CVE-2023-47058、CVE-2023-47059 CVE-2023-47055、CVE-2023-47056 CVE-2023-47057、CVE-2023-44330 CVE-2023-48632、CVE-2023-47063 |
|
|||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
发布时间 |
2023-12-01 |
|
|||
|
影响产品 |
Adobe ColdFusion Adobe Premiere Pro Adobe Photoshop 2023 Adobe Photoshop 2024 Adobe After Effects Adobe Adobe Illustrator |
|
|||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||