{"id":212,"date":"2019-10-17T20:26:06","date_gmt":"2019-10-17T20:26:06","guid":{"rendered":"https:\/\/x-theme.net\/avas-creative-agency\/?p=212"},"modified":"2022-03-25T14:12:42","modified_gmt":"2022-03-25T07:12:42","slug":"one-theme-for-all-features","status":"publish","type":"post","link":"https:\/\/dt-corp.com.vn\/?p=212","title":{"rendered":"L\u1ed7 h\u1ed5ng chu\u1ed7i cung \u1ee9ng \u201cAccess:7\u201d \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn m\u00e1y ATM, thi\u1ebft b\u1ecb y t\u1ebf v\u00e0 IoT"},"content":{"rendered":"<div class=\"typo-cont\">\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-788 aligncenter\" src=\"https:\/\/dt-corp.com.vn\/wp-content\/uploads\/2022\/03\/Lo-hong-chuoi-cung-ung-Access-7-anh-huong-den-may-ATM-thiet-bi-y-te-va-IoT-300x157.webp\" alt=\"\" width=\"537\" height=\"281\" srcset=\"https:\/\/dt-corp.com.vn\/wp-content\/uploads\/2022\/03\/Lo-hong-chuoi-cung-ung-Access-7-anh-huong-den-may-ATM-thiet-bi-y-te-va-IoT-300x157.webp 300w, https:\/\/dt-corp.com.vn\/wp-content\/uploads\/2022\/03\/Lo-hong-chuoi-cung-ung-Access-7-anh-huong-den-may-ATM-thiet-bi-y-te-va-IoT-373x195.webp 373w, https:\/\/dt-corp.com.vn\/wp-content\/uploads\/2022\/03\/Lo-hong-chuoi-cung-ung-Access-7-anh-huong-den-may-ATM-thiet-bi-y-te-va-IoT-80x42.webp 80w, https:\/\/dt-corp.com.vn\/wp-content\/uploads\/2022\/03\/Lo-hong-chuoi-cung-ung-Access-7-anh-huong-den-may-ATM-thiet-bi-y-te-va-IoT-620x324.webp 620w, https:\/\/dt-corp.com.vn\/wp-content\/uploads\/2022\/03\/Lo-hong-chuoi-cung-ung-Access-7-anh-huong-den-may-ATM-thiet-bi-y-te-va-IoT-460x240.webp 460w, https:\/\/dt-corp.com.vn\/wp-content\/uploads\/2022\/03\/Lo-hong-chuoi-cung-ung-Access-7-anh-huong-den-may-ATM-thiet-bi-y-te-va-IoT-365x191.webp 365w, https:\/\/dt-corp.com.vn\/wp-content\/uploads\/2022\/03\/Lo-hong-chuoi-cung-ung-Access-7-anh-huong-den-may-ATM-thiet-bi-y-te-va-IoT.webp 728w\" sizes=\"auto, (max-width: 537px) 100vw, 537px\" \/><\/p>\n<p>C\u00f3 t\u1edbi b\u1ea3y l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt \u0111\u00e3 \u0111\u01b0\u1ee3c ti\u1ebft l\u1ed9 trong ph\u1ea7n m\u1ec1m Axeda c\u1ee7a PTC c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c v\u0169 kh\u00ed h\u00f3a \u0111\u1ec3 truy c\u1eadp tr\u00e1i ph\u00e9p v\u00e0o c\u00e1c thi\u1ebft b\u1ecb y t\u1ebf v\u00e0 IoT.<\/p>\n<h2>G\u1ecdi chung l\u00e0 \u201cAccess: 7\u201d, c\u00e1c \u0111i\u1ec3m y\u1ebfu \u2013 ba trong s\u1ed1 \u0111\u00f3 \u0111\u01b0\u1ee3c \u0111\u00e1nh gi\u00e1 l\u00e0 C\u1ef1c k\u1ef3 nghi\u00eam tr\u1ecdng \u2013 c\u00f3 kh\u1ea3 n\u0103ng \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn h\u01a1n 150 m\u1eabu thi\u1ebft b\u1ecb thu\u1ed9c h\u01a1n 100 nh\u00e0 s\u1ea3n xu\u1ea5t kh\u00e1c nhau, g\u00e2y ra r\u1ee7i ro chu\u1ed7i cung \u1ee9ng \u0111\u00e1ng k\u1ec3.<\/h2>\n<p>Gi\u1ea3i ph\u00e1p Axeda c\u1ee7a PTC bao g\u1ed3m m\u1ed9t n\u1ec1n t\u1ea3ng \u0111\u00e1m m\u00e2y cho ph\u00e9p c\u00e1c nh\u00e0 s\u1ea3n xu\u1ea5t thi\u1ebft b\u1ecb thi\u1ebft l\u1eadp k\u1ebft n\u1ed1i \u0111\u1ec3 theo d\u00f5i, qu\u1ea3n l\u00fd v\u00e0 b\u1ea3o h\u00e0nh t\u1eeb xa m\u1ed9t lo\u1ea1t c\u00e1c m\u00e1y m\u00f3c, c\u1ea3m bi\u1ebfn v\u00e0 thi\u1ebft b\u1ecb \u0111\u01b0\u1ee3c k\u1ebft n\u1ed1i th\u00f4ng qua c\u00e1i \u0111\u01b0\u1ee3c g\u1ecdi l\u00e0 agent, \u0111\u01b0\u1ee3c c\u00e0i \u0111\u1eb7t b\u1edfi OEM tr\u01b0\u1edbc khi thi\u1ebft b\u1ecb \u0111\u01b0\u1ee3c b\u00e1n cho kh\u00e1ch h\u00e0ng.<\/p>\n<p>C\u00e1c nh\u00e0 nghi\u00ean c\u1ee9u t\u1eeb Forescout v\u00e0 CyberMDX cho bi\u1ebft:<em>\u00a0\u201cAccess: 7 c\u00f3 th\u1ec3 cho ph\u00e9p tin t\u1eb7c th\u1ef1c thi m\u00e3 \u0111\u1ed9c t\u1eeb xa, truy c\u1eadp d\u1eef li\u1ec7u nh\u1ea1y c\u1ea3m ho\u1eb7c thay \u0111\u1ed5i c\u1ea5u h\u00ecnh tr\u00ean c\u00e1c thi\u1ebft b\u1ecb y t\u1ebf v\u00e0 IoT ch\u1ea1y m\u00e3 t\u1eeb xa Axeda c\u1ee7a PTC v\u00e0 t\u00e1c nh\u00e2n qu\u1ea3n l\u00fd\u201d.<\/em><\/p>\n<p>Trong s\u1ed1 100 nh\u00e0 cung c\u1ea5p thi\u1ebft b\u1ecb b\u1ecb \u1ea3nh h\u01b0\u1edfng, 55% thu\u1ed9c l\u0129nh v\u1ef1c ch\u0103m s\u00f3c s\u1ee9c kh\u1ecfe, ti\u1ebfp theo l\u00e0 IoT (24%), CNTT (8%), d\u1ecbch v\u1ee5 t\u00e0i ch\u00ednh (5%) v\u00e0 s\u1ea3n xu\u1ea5t (4%).<\/p>\n<p>B\u00ean c\u1ea1nh m\u00e1y ch\u1ee5p x quang v\u00e0 ph\u00f2ng th\u00ed nghi\u1ec7m, c\u00e1c thi\u1ebft b\u1ecb d\u1ec5 b\u1ecb t\u1ea5n c\u00f4ng bao g\u1ed3m m\u1ecdi th\u1ee9 t\u1eeb m\u00e1y ATM, m\u00e1y b\u00e1n h\u00e0ng t\u1ef1 \u0111\u1ed9ng, h\u1ec7 th\u1ed1ng qu\u1ea3n l\u00fd ti\u1ec1n m\u1eb7t v\u00e0 m\u00e1y in nh\u00e3n \u0111\u1ebfn h\u1ec7 th\u1ed1ng qu\u00e9t m\u00e3 v\u1ea1ch, h\u1ec7 th\u1ed1ng SCADA, gi\u1ea3i ph\u00e1p theo d\u00f5i v\u00e0 gi\u00e1m s\u00e1t t\u00e0i s\u1ea3n, c\u1ed5ng IoT v\u00e0 m\u00e1y c\u1eaft c\u00f4ng nghi\u1ec7p.<\/p>\n<p>D\u01b0\u1edbi \u0111\u00e2y l\u00e0 danh s\u00e1ch c\u00e1c l\u1ed7 h\u1ed5ng:<\/p>\n<ul>\n<li><strong>CVE-2022-25246<\/strong>\u00a0(CVSS score: 9.8): Vi\u1ec7c s\u1eed d\u1ee5ng th\u00f4ng tin \u0111\u0103ng nh\u1eadp \u0111\u01b0\u1ee3c m\u00e3 h\u00f3a c\u1ee9ng trong d\u1ecbch v\u1ee5 AxedaDesktopServer.exe c\u00f3 th\u1ec3 cho ph\u00e9p ti\u1ebfp qu\u1ea3n t\u1eeb xa m\u1ed9t thi\u1ebft b\u1ecb.<\/li>\n<li><strong>CVE-2022-25247<\/strong>\u00a0(CVSS score: 9.8): M\u1ed9t l\u1ed7 h\u1ed5ng trong ERemoteServer.exe c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c t\u1eadn d\u1ee5ng \u0111\u1ec3 g\u1eedi c\u00e1c l\u1ec7nh \u0111\u01b0\u1ee3c ch\u1ebf t\u1ea1o \u0111\u1eb7c bi\u1ec7t \u0111\u1ec3 c\u00f3 \u0111\u01b0\u1ee3c th\u1ef1c thi m\u00e3 t\u1eeb xa (RCE) v\u00e0 truy c\u1eadp to\u00e0n b\u1ed9 h\u1ec7 th\u1ed1ng t\u1ec7p.<\/li>\n<li><strong>CVE-2022-25251<\/strong>\u00a0(CVSS score: 9.4): Thi\u1ebfu x\u00e1c th\u1ef1c trong t\u00e1c nh\u00e2n Axeda xGate.exe c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng \u0111\u1ec3 s\u1eeda \u0111\u1ed5i c\u1ea5u h\u00ecnh c\u1ee7a t\u00e1c nh\u00e2n.<\/li>\n<li><strong>VE-2022-25249<\/strong>\u00a0(CVSS score: 7.5): M\u1ed9t l\u1ed7 h\u1ed5ng truy\u1ec1n qua th\u01b0 m\u1ee5c trong t\u00e1c nh\u00e2n Axeda xGate.exe c\u00f3 th\u1ec3 cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng ch\u01b0a \u0111\u01b0\u1ee3c x\u00e1c th\u1ef1c t\u1eeb xa c\u00f3 \u0111\u01b0\u1ee3c quy\u1ec1n truy c\u1eadp \u0111\u1ecdc h\u1ec7 th\u1ed1ng t\u1ec7p tr\u00ean m\u00e1y ch\u1ee7 web.<\/li>\n<li><strong>CVE-2022-25250<\/strong>\u00a0(CVSS score: 7.5): M\u1ed9t l\u1ed7 h\u1ed5ng t\u1eeb ch\u1ed1i d\u1ecbch v\u1ee5 (DoS) trong t\u00e1c nh\u00e2n Axeda xGate.exe b\u1eb1ng c\u00e1ch \u0111\u01b0a v\u00e0o m\u1ed9t l\u1ec7nh undocumented.<\/li>\n<li><strong>CVE-2022-25252<\/strong>\u00a0(CVSS score: 7.5): L\u1ed7 h\u1ed5ng tr\u00e0n b\u1ed9 \u0111\u1ec7m trong th\u00e0nh ph\u1ea7n Axeda xBase39.dll c\u00f3 th\u1ec3 d\u1eabn \u0111\u1ebfn t\u1eeb ch\u1ed1i d\u1ecbch v\u1ee5 (DoS).<\/li>\n<li><strong>CVE-2022-25248<\/strong>\u00a0(CVSS score: 5.3): M\u1ed9t l\u1ed7 h\u1ed5ng ti\u1ebft l\u1ed9 th\u00f4ng tin trong d\u1ecbch v\u1ee5 ERemoteServer.exe l\u00e0m l\u1ed9 nh\u1eadt k\u00fd v\u0103n b\u1ea3n s\u1ef1 ki\u1ec7n tr\u1ef1c ti\u1ebfp cho c\u00e1c b\u00ean ch\u01b0a \u0111\u01b0\u1ee3c x\u00e1c th\u1ef1c.<\/li>\n<\/ul>\n<p>Vi\u1ec7c khai th\u00e1c th\u00e0nh c\u00f4ng c\u00e1c l\u1ed7 h\u1ed5ng c\u00f3 th\u1ec3 trang b\u1ecb cho nh\u1eefng k\u1ebb t\u1ea5n c\u00f4ng kh\u1ea3 n\u0103ng th\u1ef1c thi m\u00e3 \u0111\u1ed9c t\u1eeb xa \u0111\u1ec3 ki\u1ec3m so\u00e1t to\u00e0n b\u1ed9 thi\u1ebft b\u1ecb, truy c\u1eadp d\u1eef li\u1ec7u nh\u1ea1y c\u1ea3m, s\u1eeda \u0111\u1ed5i c\u1ea5u h\u00ecnh v\u00e0 t\u1eaft c\u00e1c d\u1ecbch v\u1ee5 c\u1ee5 th\u1ec3 trong c\u00e1c thi\u1ebft b\u1ecb b\u1ecb \u1ea3nh h\u01b0\u1edfng.<\/p>\n<p>C\u00e1c l\u1ed7 h\u1ed5ng, \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn t\u1ea5t c\u1ea3 c\u00e1c phi\u00ean b\u1ea3n c\u1ee7a Axeda Agent tr\u01b0\u1edbc 6.9.3, \u0111\u00e3 \u0111\u01b0\u1ee3c b\u00e1o c\u00e1o cho PTC v\u00e0o ng\u00e0y 10 th\u00e1ng 8 n\u0103m 2021 nh\u01b0 m\u1ed9t ph\u1ea7n c\u1ee7a quy tr\u00ecnh ti\u1ebft l\u1ed9 ph\u1ed1i h\u1ee3p c\u00f3 s\u1ef1 tham gia c\u1ee7a C\u01a1 quan An ninh m\u1ea1ng v\u00e0 C\u01a1 s\u1edf h\u1ea1 t\u1ea7ng Hoa K\u1ef3 (CISA), Chia s\u1ebb Th\u00f4ng tin Y t\u1ebf v\u00e0 Trung t\u00e2m Ph\u00e2n t\u00edch (H-ISAC) v\u00e0 C\u1ee5c Qu\u1ea3n l\u00fd Th\u1ef1c ph\u1ea9m v\u00e0 D\u01b0\u1ee3c ph\u1ea9m (FDA).<\/p>\n<p>\u0110\u1ec3 gi\u1ea3m thi\u1ec3u c\u00e1c sai s\u00f3t v\u00e0 ng\u0103n ch\u1eb7n vi\u1ec7c khai th\u00e1c c\u00f3 th\u1ec3 x\u1ea3y ra, ng\u01b0\u1eddi d\u00f9ng n\u00ean n\u00e2ng c\u1ea5p l\u00ean phi\u00ean b\u1ea3n Axeda 6.9.1 build 1046, 6.9.2 build 1049 ho\u1eb7c 6.9.3 build 1051.<\/p>\n<p>\u0110\u00e2y kh\u00f4ng ph\u1ea3i l\u00e0 l\u1ea7n \u0111\u1ea7u ti\u00ean c\u00e1c l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt quan tr\u1ecdng ch\u1ee7 y\u1ebfu nh\u1eafm v\u00e0o c\u00e1c h\u1ec7 th\u1ed1ng ch\u0103m s\u00f3c s\u1ee9c kh\u1ecfe \u0111\u01b0\u1ee3c \u0111\u01b0a ra \u00e1nh s\u00e1ng. V\u00e0o th\u00e1ng 12 n\u0103m 2020, CyberMDX ti\u1ebft l\u1ed9 \u201cMDhex-Ray\u201d, m\u1ed9t l\u1ed7 h\u1ed5ng nghi\u00eam tr\u1ecdng trong c\u00e1c s\u1ea3n ph\u1ea9m h\u00ecnh \u1ea3nh CT, X-Ray v\u00e0 MRI c\u1ee7a GE Healthcare c\u00f3 th\u1ec3 d\u1eabn \u0111\u1ebfn vi\u1ec7c l\u1ed9 th\u00f4ng tin s\u1ee9c kh\u1ecfe \u0111\u01b0\u1ee3c b\u1ea3o v\u1ec7.<\/p>\n<p>C\u00e1c nh\u00e0 nghi\u00ean c\u1ee9u cho bi\u1ebft: \u201cAccess: 7 \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn gi\u1ea3i ph\u00e1p \u0111\u01b0\u1ee3c b\u00e1n cho c\u00e1c nh\u00e0 s\u1ea3n xu\u1ea5t thi\u1ebft b\u1ecb kh\u00f4ng t\u1ef1 ph\u00e1t tri\u1ec3n h\u1ec7 th\u1ed1ng d\u1ecbch v\u1ee5 t\u1eeb xa c\u1ee7a h\u1ecd.\u00a0<em>\u201c\u0110i\u1ec1u n\u00e0y l\u00e0m cho n\u00f3 tr\u1edf th\u00e0nh m\u1ed9t l\u1ed7 h\u1ed5ng trong chu\u1ed7i cung \u1ee9ng v\u00e0 do \u0111\u00f3 n\u00f3 \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn nhi\u1ec1u nh\u00e0 s\u1ea3n xu\u1ea5t v\u00e0 thi\u1ebft b\u1ecb h\u1ea1 ngu\u1ed3n.\u201d<\/em><\/p>\n<p>Ngu\u1ed3n:\u00a0<a href=\"https:\/\/thehackernews.com\/2022\/03\/critical-access7-supply-chain.html\">Critical \u201cAccess:7\u201d Supply Chain Vulnerabilities Impact ATMs, Medical and IoT Devices<\/a><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p class=\"tx-excerpt\">C\u00f3 t\u1edbi b\u1ea3y l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt \u0111\u00e3 \u0111\u01b0\u1ee3c ti\u1ebft l\u1ed9 trong ph\u1ea7n m\u1ec1m Axeda c\u1ee7a PTC c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c v\u0169 kh\u00ed h\u00f3a \u0111\u1ec3 truy c\u1eadp tr\u00e1i ph\u00e9p v\u00e0o c\u00e1c thi\u1ebft b\u1ecb y","protected":false},"author":1,"featured_media":788,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[13],"tags":[],"class_list":["post-212","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"https:\/\/dt-corp.com.vn\/wp-content\/uploads\/2022\/03\/Lo-hong-chuoi-cung-ung-Access-7-anh-huong-den-may-ATM-thiet-bi-y-te-va-IoT.webp","_links":{"self":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/posts\/212","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=212"}],"version-history":[{"count":2,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/posts\/212\/revisions"}],"predecessor-version":[{"id":794,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/posts\/212\/revisions\/794"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/media\/788"}],"wp:attachment":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=212"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=212"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=212"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}