[dsg-hallb_svt] Critical Vulnerability on a pdu
Brian Eng
beng at jlab.org
Thu Jul 23 15:29:31 EDT 2020
It's the power strip that is on the SVT cart that Fast Electronics installed.
It looks like there is a new firmware that fixes these vulnerabilities, should I go ahead and install it?
________________________________
From: Nathan Baltzell <baltzell at jlab.org>
Sent: Thursday, July 23, 2020 3:22 PM
To: Sergey Boyarinov <boiarino at jlab.org>
Cc: Brian Eng <beng at jlab.org>; Yuri Gotra <gotra at jlab.org>
Subject: Re: Critical Vulnerability on a pdu
No, never heard of it, and I don't see any reference to it or its ip address in our EPICS stuff.
I guess it's a networked power box? Brian/Yuri do you know about hb-pdu-svt?
On Jul 23, 2020, at 15:15, Sergey Boyarinov <boiarino at jlab.org<mailto:boiarino at jlab.org>> wrote:
Hi Nathan,
do you know that device ?
Sergey
________________________________
From: Christopher Williamson <cew at jlab.org<mailto:cew at jlab.org>>
Sent: Thursday, July 23, 2020 10:15 AM
To: Sergey Boyarinov <boiarino at jlab.org<mailto:boiarino at jlab.org>>
Subject: Critical Vulnerability on a pdu
Good Morning,
Recently an abnormally severe vulnerability surfaced, which several JLab systems are affected by. There is (at least) 1 in Hall-B.
hb-pdu-svt 129.57.167.127
After a system has been seen with a critical or high severity vulnerability for 30 days, our system automatically puts in a ServiceNow Incident. Since this vulnerability is classified as a 10, on a scale of 0-10 (CVSS Ranking), I wanted to give you a heads up early. Please patch this system as soon as possible.
Vulnerability Info:
Treck TCP/IP stack multiple vulnerabilities. (Ripple20)
CVE-2020-11896 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11896> CVE-2020-11897 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11897> CVE-2020-11898 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11898> CVE-2020-11899 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11899> CVE-2020-11900 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11900> CVE-2020-11901 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11901> CVE-2020-11902 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11902> CVE-2020-11903 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11903> CVE-2020-11904 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11904> CVE-2020-11905 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11905> CVE-2020-11906 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11906> CVE-2020-11907 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11907> CVE-2020-11908 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11908> CVE-2020-11909 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11909> CVE-2020-11910 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11910> CVE-2020-11911 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11911> CVE-2020-11912 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11912> CVE-2020-11913 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11913> CVE-2020-11914 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11914>
Thanks,
Christopher Williamson
<image001.png>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.jlab.org/pipermail/dsg-hallb_svt/attachments/20200723/d3ef56e1/attachment.html>
More information about the dsg-hallb_svt
mailing list