Vulnerability ID: ICSA-14-275-01
Release date: 2014-09-30
Revision date: 2014-10-01
CVSS score: 7.8 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Affected vendor: Honeywell

Affected products:
- Honeywell Experion PKS System
- Honeywell UniSim Design Suite

Vulnerability description: Cross-site scripting (XSS) and insecure direct object reference (IDOR) vulnerabilities allow a remote attacker to execute arbitrary JavaScript code or access sensitive information via a crafted URL.

References:
- ICS Advisory ICSA-14-275-01 JSBM
- ICS Advisory ICSA-14-275-01 Web Viewer
- Recommended Practices: Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies
- Recommended Practices: Protecting Industrial Control Systems from Electronic Threats
- Recommended Practices: Providing Security for Critical Infrastructure and Key Resources

Mitigations:
- Update to the latest version
- Follow recommended security practices