Mitsubishi Electric FR Configurator2是日本三菱电机(Mitsubishi Electric)公司的一款变频器驱动配置应用程序。
Mitsubishi Electric FR Configurator2 1.16S及之前版本中存在代码问题漏洞,该漏洞源于程序没有过滤传递到XML解析器的输入。攻击者可利用该漏洞读取任意文件。
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://www.mitsubishielectric.com/fa/download/software/drv/inv/vulnerability-protection/2019-001.pdf
来源:www.mitsubishielectric.com
链接:https://www.mitsubishielectric.com/fa/download/software/drv/inv/vulnerability-protection/2019-001.pdf
来源:www.mitsubishi-automation.com
链接:http://www.mitsubishi-automation.com/
来源:www.us-cert.gov
链接:https://www.us-cert.gov/ics/advisories/icsa-19-204-01
来源:www.securityfocus.com
链接:https://www.securityfocus.com/bid/109350
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2019-10976
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.2763/