Schneider Electric AVEVA Vijeo Citect和Schneider Electric AVEVA CitectSCADA不安全凭证存储漏洞

---

基本信息

时间： 2019-06-02

风险等级： 中

CNVD： CNVD-2019-16225

原地址： https://www.cnvd.org.cn/flaw/show/CNVD-2019-16225

---

描述

SchneiderElectricAVEVAVijeoCitect和SchneiderElectricAVEVACitectSCADA都是法国施耐德电气（SchneiderElectric）公司的一套数据采集与监控系统（SCADA）软件。SchneiderElectricAVEVAVijeoCitect和SchneiderElectricAVEVACitectSCADA中存在安全漏洞，该漏洞源于程序未能充分地保护凭证。本地攻击者可利用该漏洞访问Citect用户凭证。

产品

SchneiderElectricAVEVAVijeoCitect7.30SchneiderElectricAVEVAVijeoCitect7.40SchneiderElectricAVEVACitectSCADA7.30SchneiderElectricAVEVACitectSCADA7.40

解决方案

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页：https://www.aveva.com/

CVE

CVE-2019-10981

补丁

Schneider Electric AVEVA Vijeo Citect和Schneider Electric AVEVA CitectSCADA不安全凭证存储漏洞的补丁

来源

https://ics-cert.us-cert.gov/advisories/ICSA-19-150-01 https://www.auscert.org.au/bulletins/ESB-2019.1954/