cnvd-2016-05694
Vulnerability from cnvd
Title
Rockwell Automation FactoryTalk EnergyMetrix SQL注入漏洞
Description
Rockwell Automation FactoryTalk EnergyMetrix是美国罗克韦尔(Rockwell Automation)公司的一个基于Web的用于捕获、分析、存储和共享能源数据的软件管理包。 Rockwell Automation FactoryTalk EnergyMetrix 2.20.00之前的版本中存在SQL注入漏洞。远程攻击者可利用该漏洞执行任意SQL命令。
Severity
Patch Name
Rockwell Automation FactoryTalk EnergyMetrix SQL注入漏洞的补丁
Patch Description
Rockwell Automation FactoryTalk EnergyMetrix是美国罗克韦尔(Rockwell Automation)公司的一个基于Web的用于捕获、分析、存储和共享能源数据的软件管理包。 Rockwell Automation FactoryTalk EnergyMetrix 2.20.00之前的版本中存在SQL注入漏洞。远程攻击者可利用该漏洞执行任意SQL命令。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已经发布了升级补丁以修复此安全问题,详情请关注厂商主页: http://www.rockwellautomation.com/

Reference
https://ics-cert.us-cert.gov/advisories/ICSA-16-173-03
Impacted products
Name
Rockwell Automation FactoryTalk EnergyMetrix <2.20.00
Show details on source website

To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "92135"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-4522"
    }
  },
  "description": "Rockwell Automation FactoryTalk EnergyMetrix\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u57fa\u4e8eWeb\u7684\u7528\u4e8e\u6355\u83b7\u3001\u5206\u6790\u3001\u5b58\u50a8\u548c\u5171\u4eab\u80fd\u6e90\u6570\u636e\u7684\u8f6f\u4ef6\u7ba1\u7406\u5305\u3002\r\n\r\nRockwell Automation FactoryTalk EnergyMetrix 2.20.00\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610fSQL\u547d\u4ee4\u3002",
  "discovererName": "Rockwell Automation",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://www.rockwellautomation.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-05694",
  "openTime": "2016-07-29",
  "patchDescription": "Rockwell Automation FactoryTalk EnergyMetrix\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u57fa\u4e8eWeb\u7684\u7528\u4e8e\u6355\u83b7\u3001\u5206\u6790\u3001\u5b58\u50a8\u548c\u5171\u4eab\u80fd\u6e90\u6570\u636e\u7684\u8f6f\u4ef6\u7ba1\u7406\u5305\u3002\r\n\r\nRockwell Automation FactoryTalk EnergyMetrix 2.20.00\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610fSQL\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Rockwell Automation FactoryTalk EnergyMetrix SQL\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Rockwell Automation FactoryTalk EnergyMetrix \u003c2.20.00"
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-16-173-03",
  "serverity": "\u9ad8",
  "submitTime": "2016-07-28",
  "title": "Rockwell Automation FactoryTalk EnergyMetrix SQL\u6ce8\u5165\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.