<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>

</head>

<body dir="ltr">

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

It's the power strip that is on the SVT cart that Fast Electronics installed.</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

It looks like there is a new firmware that fixes these vulnerabilities, should I go ahead and install it?</div>

<div>

<div id="appendonsend"></div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

<br>

</div>

<hr tabindex="-1" style="display:inline-block; width:98%">

<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Nathan Baltzell <baltzell@jlab.org><br>

<b>Sent:</b> Thursday, July 23, 2020 3:22 PM<br>

<b>To:</b> Sergey Boyarinov <boiarino@jlab.org><br>

<b>Cc:</b> Brian Eng <beng@jlab.org>; Yuri Gotra <gotra@jlab.org><br>

<b>Subject:</b> Re: Critical Vulnerability on a pdu</font>

<div> </div>

</div>

<div class="" style="word-wrap:break-word; line-break:after-white-space">No, never heard of it, and I don't see any reference to it or its ip address in our EPICS stuff.

<div class=""><br class="">

</div>

<div class="">I guess it's a networked power box?  Brian/Yuri do you know about hb-pdu-svt?</div>

<div class=""><br class="">

</div>

<div class=""><br class="">

<div><br class="">

<blockquote type="cite" class="">

<div class="">On Jul 23, 2020, at 15:15, Sergey Boyarinov <<a href="mailto:boiarino@jlab.org" class="">boiarino@jlab.org</a>> wrote:</div>

<br class="x_Apple-interchange-newline">

<div class="">

<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">

Hi Nathan,</div>

<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">

do you know that device ?</div>

<div class="" style="font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">

Sergey</div>

<div class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none">

<div class="" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">

<br class="">

</div>

<div id="x_appendonsend" class=""></div>

<hr tabindex="-1" class="" style="display:inline-block; width:599.75px">

<div id="x_divRplyFwdMsg" dir="ltr" class=""><font face="Calibri, sans-serif" class="" style="font-size:11pt"><b class="">From:</b><span class="x_Apple-converted-space"> </span>Christopher Williamson <<a href="mailto:cew@jlab.org" class="">cew@jlab.org</a>><br class="">

<b class="">Sent:</b><span class="x_Apple-converted-space"> </span>Thursday, July 23, 2020 10:15 AM<br class="">

<b class="">To:</b><span class="x_Apple-converted-space"> </span>Sergey Boyarinov <<a href="mailto:boiarino@jlab.org" class="">boiarino@jlab.org</a>><br class="">

<b class="">Subject:</b><span class="x_Apple-converted-space"> </span>Critical Vulnerability on a pdu</font>

<div class=""> </div>

</div>

<div lang="EN-US" class="">

<div class="x_x_WordSection1">

<div class="" style="margin:0in 0in 0.0001pt; font-size:11pt; font-family:Calibri,sans-serif">

Good Morning,</div>

<div class="" style="margin:0in 0in 0.0001pt; font-size:11pt; font-family:Calibri,sans-serif">

Recently an abnormally severe vulnerability surfaced, which several JLab systems are affected by. There is (at least) 1 in Hall-B.</div>

<p class="x_x_MsoNormal" style="margin:0in 0in 0.0001pt; font-size:11pt; font-family:Calibri,sans-serif">

 </p>

<div class="" style="margin:0in 0in 0.0001pt; font-size:11pt; font-family:Calibri,sans-serif">

hb-pdu-svt         129.57.167.127</div>

<p class="x_x_MsoNormal" style="margin:0in 0in 0.0001pt; font-size:11pt; font-family:Calibri,sans-serif">

 </p>

<p class="x_x_MsoNormal" style="margin:0in 0in 0.0001pt; font-size:11pt; font-family:Calibri,sans-serif">

 </p>

<div class="" style="margin:0in 0in 0.0001pt; font-size:11pt; font-family:Calibri,sans-serif">

After a system has been seen with a critical or high severity vulnerability for 30 days, our system automatically puts in a ServiceNow Incident. Since this vulnerability is classified as a 10, on a scale of 0-10 (CVSS Ranking), I wanted to give you a heads

 up early. Please patch this system as soon as possible.</div>

<p class="x_x_MsoNormal" style="margin:0in 0in 0.0001pt; font-size:11pt; font-family:Calibri,sans-serif">

 </p>

<div class="" style="margin:0in 0in 0.0001pt; font-size:11pt; font-family:Calibri,sans-serif">

Vulnerability Info:</div>

<div class="" style="margin:0in 0in 0.0001pt; font-size:11pt; font-family:Calibri,sans-serif">

Treck TCP/IP stack multiple vulnerabilities. (Ripple20)</div>

<div class="" style="margin:0in 0in 0.0001pt; font-size:11pt; font-family:Calibri,sans-serif">

<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11896" target="scXRef" title="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11896" class=""><span class="" style="font-size:10.5pt; font-family:"Helvetica Neue"; color:rgb(0,165,181); background-color:white; text-decoration:none; background-position:initial initial; background-repeat:initial initial">CVE-2020-11896 </span></a><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11897" target="scXRef" title="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11897" class=""><span class="" style="font-size:10.5pt; font-family:"Helvetica Neue"; color:rgb(0,165,181); background-color:white; text-decoration:none; background-position:initial initial; background-repeat:initial initial">CVE-2020-11897 </span></a><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11898" target="scXRef" title="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11898" class=""><span class="" style="font-size:10.5pt; font-family:"Helvetica Neue"; color:rgb(0,165,181); background-color:white; text-decoration:none; background-position:initial initial; background-repeat:initial initial">CVE-2020-11898 </span></a><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11899" target="scXRef" title="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11899" class=""><span class="" style="font-size:10.5pt; font-family:"Helvetica Neue"; color:rgb(0,165,181); background-color:white; text-decoration:none; background-position:initial initial; background-repeat:initial initial">CVE-2020-11899 </span></a><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11900" target="scXRef" title="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11900" class=""><span class="" style="font-size:10.5pt; font-family:"Helvetica Neue"; color:rgb(0,165,181); background-color:white; text-decoration:none; background-position:initial initial; background-repeat:initial initial">CVE-2020-11900 </span></a><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11901" target="scXRef" title="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11901" class=""><span class="" style="font-size:10.5pt; font-family:"Helvetica Neue"; color:rgb(0,119,130); background-color:white; text-decoration:none; background-position:initial initial; background-repeat:initial initial">CVE-2020-11901 </span></a><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11902" target="scXRef" title="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11902" class=""><span class="" style="font-size:10.5pt; font-family:"Helvetica Neue"; color:rgb(0,165,181); background-color:white; text-decoration:none; background-position:initial initial; background-repeat:initial initial">CVE-2020-11902 </span></a><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11903" target="scXRef" title="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11903" class=""><span class="" style="font-size:10.5pt; font-family:"Helvetica Neue"; color:rgb(0,165,181); background-color:white; text-decoration:none; background-position:initial initial; background-repeat:initial initial">CVE-2020-11903 </span></a><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11904" target="scXRef" title="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11904" class=""><span class="" style="font-size:10.5pt; font-family:"Helvetica Neue"; color:rgb(0,165,181); background-color:white; text-decoration:none; background-position:initial initial; background-repeat:initial initial">CVE-2020-11904 </span></a><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11905" target="scXRef" title="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11905" class=""><span class="" style="font-size:10.5pt; font-family:"Helvetica Neue"; color:rgb(0,165,181); background-color:white; text-decoration:none; background-position:initial initial; background-repeat:initial initial">CVE-2020-11905 </span></a><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11906" target="scXRef" title="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11906" class=""><span class="" style="font-size:10.5pt; font-family:"Helvetica Neue"; color:rgb(0,165,181); background-color:white; text-decoration:none; background-position:initial initial; background-repeat:initial initial">CVE-2020-11906 </span></a><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11907" target="scXRef" title="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11907" class=""><span class="" style="font-size:10.5pt; font-family:"Helvetica Neue"; color:rgb(0,165,181); background-color:white; text-decoration:none; background-position:initial initial; background-repeat:initial initial">CVE-2020-11907 </span></a><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11908" target="scXRef" title="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11908" class=""><span class="" style="font-size:10.5pt; font-family:"Helvetica Neue"; color:rgb(0,165,181); background-color:white; text-decoration:none; background-position:initial initial; background-repeat:initial initial">CVE-2020-11908 </span></a><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11909" target="scXRef" title="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11909" class=""><span class="" style="font-size:10.5pt; font-family:"Helvetica Neue"; color:rgb(0,165,181); background-color:white; text-decoration:none; background-position:initial initial; background-repeat:initial initial">CVE-2020-11909 </span></a><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11910" target="scXRef" title="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11910" class=""><span class="" style="font-size:10.5pt; font-family:"Helvetica Neue"; color:rgb(0,165,181); background-color:white; text-decoration:none; background-position:initial initial; background-repeat:initial initial">CVE-2020-11910 </span></a><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11911" target="scXRef" title="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11911" class=""><span class="" style="font-size:10.5pt; font-family:"Helvetica Neue"; color:rgb(0,165,181); background-color:white; text-decoration:none; background-position:initial initial; background-repeat:initial initial">CVE-2020-11911 </span></a><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11912" target="scXRef" title="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11912" class=""><span class="" style="font-size:10.5pt; font-family:"Helvetica Neue"; color:rgb(0,165,181); background-color:white; text-decoration:none; background-position:initial initial; background-repeat:initial initial">CVE-2020-11912 </span></a><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11913" target="scXRef" title="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11913" class=""><span class="" style="font-size:10.5pt; font-family:"Helvetica Neue"; color:rgb(0,165,181); background-color:white; text-decoration:none; background-position:initial initial; background-repeat:initial initial">CVE-2020-11913 </span></a><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11914" target="scXRef" title="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11914" class=""><span class="" style="font-size:10.5pt; font-family:"Helvetica Neue"; color:rgb(0,165,181); background-color:white; text-decoration:none; background-position:initial initial; background-repeat:initial initial">CVE-2020-11914 </span></a></div>

<p class="x_x_MsoNormal" style="margin:0in 0in 0.0001pt; font-size:11pt; font-family:Calibri,sans-serif">

 </p>

<div class="" style="margin:0in 0in 0.0001pt; font-size:11pt; font-family:Calibri,sans-serif">

Thanks,</div>

<div class="" style="margin:0in 0in 0.0001pt; font-size:11pt; font-family:Calibri,sans-serif">

Christopher Williamson</div>

<p class="x_x_MsoNormal" style="margin:0in 0in 0.0001pt; font-size:11pt; font-family:Calibri,sans-serif">

 </p>

<div class="" style="margin:0in 0in 0.0001pt; font-size:11pt; font-family:Calibri,sans-serif">

<span class="" style="color:blue"><span id="x_cid:image001.png@01D660DA.2B449420"><image001.png></span></span></div>

</div>

</div>

</div>

</div>

</blockquote>

</div>

<br class="">

</div>

</div>

</div>

</body>

</html>