VARIoT IoT vulnerabilities database

IP-COM Deep Internet Behavior Management is a network management device that provides network administrators with functions such as user authentication, web filtering, application control, flow control, content filtering, behavior auditing, and VPN. There is a supervisor password reset vulnerability in the Deep Internet Behavior Management Router. Attackers can use this vulnerability to reset the supervisor password and log in to the console to obtain sensitive information.

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542. Cisco IOS XE The software includes OS A command injection vulnerability exists. Vendors have confirmed this vulnerability Bug ID CSCuz03145 , CSCuz56419 , CSCva31971 ,and CSCvb09542 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This may aid in further attacks. CLI parser is one of the command line command parsers

A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a Relay Reply denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of encapsulated option 82 information that it receives in DHCPOFFER messages from DHCPv4 servers. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device, which the device would then forward to a DHCPv4 server. When the affected software processes the option 82 information that is encapsulated in the response from the server, an error could occur. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvg62754. Cisco IOS Software and Cisco IOS XE The software contains an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvg62754 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state

A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker could exploit this vulnerability by trying to access an 802.1x multi-auth port after a successful supplicant has authenticated. An exploit could allow the attacker to bypass the 802.1x access controls and obtain access to the network. Cisco Bug IDs: CSCvg69701. Vendors have confirmed this vulnerability Bug ID CSCvg69701 It is released as.Information may be tampered with. This may lead to further attacks

A vulnerability in the Zone-Based Firewall code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a device to reload. The vulnerability is due to the way fragmented packets are handled in the firewall code. An attacker could exploit this vulnerability by sending fragmented IP Version 4 or IP Version 6 packets through an affected device. An exploit could allow the attacker to cause the device to crash, resulting in a denial of service (DoS) condition. The following releases of Cisco IOS XE Software are vulnerable: Everest-16.4.1, Everest-16.4.2, Everest-16.5.1, Everest-16.5.1b, Everest-16.6.1, Everest-16.6.1a. Cisco Bug IDs: CSCvf60296. Vendors have confirmed this vulnerability Bug ID CSCvf60296 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186. Cisco IOS Software and Cisco IOS XE The software contains a buffer error vulnerability and an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvg76186 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. As a plug-and-play configuration and image management function, SmartInstall provides zero-configuration deployment for newly-joined switches, auto-initial configuration and operating system image loading, and configuration file backup. Successfully exploiting this issue may allow remote attackers to execute arbitrary code. Failed attempts will likely result in denial-of-service conditions

A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading. The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability. Cisco Bug IDs: CSCvf73881. Cisco IOS Software and Cisco IOS XE The software contains a buffer error vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvf73881 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The qualityofservice (QoS) subsystem is one of the set of network quality of service subsystems. The vulnerability stems from the program failing to perform boundary detection on the values in the packet correctly. Failed attempts will likely result in denial-of-service conditions

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected device. A successful exploit could allow the attacker to log in to the device with privilege level 15 access. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software Release 16.x. This vulnerability does not affect Cisco IOS XE Software releases prior to Release 16.x. Cisco Bug IDs: CSCve89880. Vendors have confirmed this vulnerability Bug ID CSCve89880 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This may lead to further attacks

A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service (DoS) condition, aka a Memory Leak. The vulnerability is due to the affected software insufficiently processing IGMP Membership Query packets that are sent to an affected device. An attacker could exploit this vulnerability by sending a large number of IGMP Membership Query packets, which contain certain values, to an affected device. A successful exploit could allow the attacker to exhaust buffers on the affected device, resulting in a DoS condition that requires the device to be reloaded manually. This vulnerability affects: Cisco Catalyst 4500 Switches with Supervisor Engine 8-E, if they are running Cisco IOS XE Software Release 3.x.x.E and IP multicast routing is configured; Cisco devices that are running Cisco IOS XE Software Release 16.x, if IP multicast routing is configured. Cisco Bug IDs: CSCuw09295, CSCve94496. Vendors have confirmed this vulnerability Bug ID CSCuw09295 and CSCve94496 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. The Cisco Catalyst 4500 Switches with Supervisor Engine 8-E is a switch from Cisco. IOSXESoftware is an operating system that runs on Cisco network devices. A resource management error vulnerability exists in the Internet Group Management Protocol (IGMP) packet processing feature in Cisco IOSXE Software, which stems from a failure of the program to adequately process IGMP MembershipQuery packets

Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge. The specific flaw exists within the handling of several DLLs (dwmapi.dll, PROPSYS.dll, cscapi.dll, SAMLIB.dll, netbios.dll, winhttp.dll, security.dll, ntmarta.dll, WindowsCodecs.dll, apphelp.dll) loaded by the SwisscomTVMediaHelper.exe process. Swisscom TVMediaHelper Contains a data processing vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SwisscomTVMediaHelper is a set-top box device from Swisscom, Switzerland. (Multiple files include: dwmapi.dll, PROPSYS.dll, cscapi.dll, SAMLIB.dll, netbios.dll, winhttp.dll, security.dll, ntmarta.dll, WindowsCodecs.dll, apphelp.dll)

An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php. D-Link DIR-850L The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-850LWirelessAC1200DualBandGigabitCloudRouter is a wireless router product of D-Link. An authentication bypass vulnerability exists in the D-LinkDIR-850LWirelessAC1200DualBandGigabitCloudRouter. An attacker could exploit the vulnerability by bypassing the SharePortWebAccessPortal by directly accessing the /category_view.php or /folder_view.php file

In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys. Philips Alice 6 System Contains a cryptographic vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips Alice 6 is a polysomnography (PSG) designed to record, display and print the clinician/doctor's physiological information. Philips Alice 6 is prone to an authentication-bypass vulnerability and an information-disclosure vulnerability. Attackers may exploit these issues to execute arbitrary code, gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks. Philips Alice 6 R8.0.2 and prior are vulnerable. An attacker could exploit this vulnerability to obtain sensitive information

In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or the ability to execute arbitrary code. Philips Alice 6 System Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips Alice 6 is a polysomnography (PSG) designed to record, display and print the clinician/doctor's physiological information. Philips Alice 6 is prone to an authentication-bypass vulnerability and an information-disclosure vulnerability. Philips Alice 6 R8.0.2 and prior are vulnerable

IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139023. Vendors have confirmed this vulnerability IBM X-Force ID: 139023 It is released as.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. IBM DataPower Gateways 7.1.0.0 through 7.1.0.21, 7.2.0.0 through 7.2.0.18, 7.5.0.0 through 7.5.0.13, 7.5.1.0 through 7.5.1.12, 7.5.2.0 through 7.5.2.12 and 7.6.0.0 through 7.6.0.5 are vulnerable; other versions may also be affected. The appliance is primarily used to simplify, secure and accelerate XML and Web services deployment in SOA. The following versions are affected: IBM WebSphere DataPower Appliances Version 7.1, Version 7.2, Version 7.5, Version 7.5.1, Version 7.5.2, Version 7.6

Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka BranchScope. Intel Systems with microprocessors contain information disclosure vulnerabilities.Information may be obtained. Intel Atom C C2308 is a central processing unit (CPU) product of Intel Corporation of the United States. The ARM Cortex-A 75 is an implementation of the Cortex-A75 microarchitecture from the British company ARM. The following products and versions are affected: Intel Atom C C2308; Xeon Silver 4110; Xeon Silver 4112; Xeon Silver 4116; ARM Cortex-A 75, etc

Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge of the LIA administrative password, could potentially exploit this vulnerability to run arbitrary commands as root on the systems where LIAs are installed. Dell EMC ScaleIO is a software-defined solution for converting DAS storage into shared data block storage from Dell. Light Installation Agent (LIA) is one of the installation agents. An attacker can exploit this vulnerability to execute arbitrary commands on the system with root privileges. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 DSA-2018-058: Dell EMC ScaleIO Multiple Security Vulnerabilities Dell EMC Identifier: DSA-2018-058 CVE Identifier: CVE-2018-1205, CVE-2018-1237, CVE-2018-1238 Severity: Medium Severity Rating: CVSS v3 Base Score: See below for CVSS v3 scores Affected products: Dell EMC ScaleIO versions prior to 2.5 Summary: Dell EMC ScaleIO customers are encouraged to update to ScaleIO v2.5, which contains fixes for multiple security vulnerabilities in earlier ScaleIO software versions that could potentially be exploited by malicious users to compromise the affected system. As a result, a remote attacker could potentially send specifically crafted packet data to the MDM service causing it to crash. CVSSv3 Base Score: 6.6 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) Resolution: The following Dell EMC ScaleIO release contains resolutions to these vulnerabilities: * Dell EMC ScaleIO version 2.5 Dell EMC recommends all customers upgrade at the earliest opportunity. Link to remedies: Customers can download software from https://support.emc.com/downloads/40635_ScaleIO-Product-Family Credit: Dell EMC would like to thank David Berard, from the Ubisoft Security & Risk Management team, for reporting these vulnerabilities. Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact Dell EMC Software Technical Support at 1-877-534-2867. For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase solution emc218831. Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJauOjDAAoJEHbcu+fsE81Z3/wH/jL9Ub908R9cXBOLhTbwCohq pVPgYZwy8ew96iuUaqDgqy3KmarYebeZ9MAG2gxW5URYqNSO7LJBZG8Jo4qWB3gB QuShn8UvJ0yfo4vxznkXtGjxhFLopYaoN+tgDQ3IjkcH3chvAHS0dnUk9Uj7OQsx KEltBIFJmzv97ZxkCLxqEtNu0LSTFsvKhjyKl6lOJZ8yVfTZR/p+Awx1czEyJc8Z /sfRBBgqJnK3LHBNEsuqCy+wedlDHwj+/d3wBr51eR0+3UrD2jRaDQVx3VkcE7Gb DGjCoZRJ8qiWp7muB0rC7/6PxxxQcNlBludSiYDTkdrQpjot1G37w+TX1GFVUUk= =FvDE -----END PGP SIGNATURE-----

Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having network access to LIA, could potentially exploit this vulnerability to launch brute force guessing of user names and passwords of user accounts on the LIA. Dell EMC ScaleIO Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell EMC ScaleIO is a software-defined solution for converting DAS storage into shared data block storage from Dell. Light Installation Agent (LIA) is one of the installation agents. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 DSA-2018-058: Dell EMC ScaleIO Multiple Security Vulnerabilities Dell EMC Identifier: DSA-2018-058 CVE Identifier: CVE-2018-1205, CVE-2018-1237, CVE-2018-1238 Severity: Medium Severity Rating: CVSS v3 Base Score: See below for CVSS v3 scores Affected products: Dell EMC ScaleIO versions prior to 2.5 Summary: Dell EMC ScaleIO customers are encouraged to update to ScaleIO v2.5, which contains fixes for multiple security vulnerabilities in earlier ScaleIO software versions that could potentially be exploited by malicious users to compromise the affected system. Details: The vulnerability details are as follows: * Buffer overflow vulnerability (CVE-2018-1205) Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. As a result, a remote attacker could potentially send specifically crafted packet data to the MDM service causing it to crash. CVSSv3 Base Score: 6.6 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) Resolution: The following Dell EMC ScaleIO release contains resolutions to these vulnerabilities: * Dell EMC ScaleIO version 2.5 Dell EMC recommends all customers upgrade at the earliest opportunity. Link to remedies: Customers can download software from https://support.emc.com/downloads/40635_ScaleIO-Product-Family Credit: Dell EMC would like to thank David Berard, from the Ubisoft Security & Risk Management team, for reporting these vulnerabilities. Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact Dell EMC Software Technical Support at 1-877-534-2867. For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase solution emc218831. Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJauOjDAAoJEHbcu+fsE81Z3/wH/jL9Ub908R9cXBOLhTbwCohq pVPgYZwy8ew96iuUaqDgqy3KmarYebeZ9MAG2gxW5URYqNSO7LJBZG8Jo4qWB3gB QuShn8UvJ0yfo4vxznkXtGjxhFLopYaoN+tgDQ3IjkcH3chvAHS0dnUk9Uj7OQsx KEltBIFJmzv97ZxkCLxqEtNu0LSTFsvKhjyKl6lOJZ8yVfTZR/p+Awx1czEyJc8Z /sfRBBgqJnK3LHBNEsuqCy+wedlDHwj+/d3wBr51eR0+3UrD2jRaDQVx3VkcE7Gb DGjCoZRJ8qiWp7muB0rC7/6PxxxQcNlBludSiYDTkdrQpjot1G37w+TX1GFVUUk= =FvDE -----END PGP SIGNATURE-----

Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. As a result, a remote attacker could potentially send specifically crafted packet data to the MDM service causing it to crash. Dell EMC ScaleIO Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Dell EMC ScaleIO is a software-defined solution for converting DAS storage into shared data block storage from Dell. The vulnerability is caused by the program not processing packet data correctly. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 DSA-2018-058: Dell EMC ScaleIO Multiple Security Vulnerabilities Dell EMC Identifier: DSA-2018-058 CVE Identifier: CVE-2018-1205, CVE-2018-1237, CVE-2018-1238 Severity: Medium Severity Rating: CVSS v3 Base Score: See below for CVSS v3 scores Affected products: Dell EMC ScaleIO versions prior to 2.5 Summary: Dell EMC ScaleIO customers are encouraged to update to ScaleIO v2.5, which contains fixes for multiple security vulnerabilities in earlier ScaleIO software versions that could potentially be exploited by malicious users to compromise the affected system. CVSSv3 Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) * Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2018-1237) Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having network access to LIA, could potentially exploit this vulnerability to launch brute force guessing of user names and passwords of user accounts on the LIA. CVSSv3 Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) * Command injection vulnerability (CVE-2018-1238) Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge of the LIA administrative password, could potentially exploit this vulnerability to run arbitrary commands as root on the systems where LIAs are installed. CVSSv3 Base Score: 6.6 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) Resolution: The following Dell EMC ScaleIO release contains resolutions to these vulnerabilities: * Dell EMC ScaleIO version 2.5 Dell EMC recommends all customers upgrade at the earliest opportunity. Link to remedies: Customers can download software from https://support.emc.com/downloads/40635_ScaleIO-Product-Family Credit: Dell EMC would like to thank David Berard, from the Ubisoft Security & Risk Management team, for reporting these vulnerabilities. Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact Dell EMC Software Technical Support at 1-877-534-2867. For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase solution emc218831. Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJauOjDAAoJEHbcu+fsE81Z3/wH/jL9Ub908R9cXBOLhTbwCohq pVPgYZwy8ew96iuUaqDgqy3KmarYebeZ9MAG2gxW5URYqNSO7LJBZG8Jo4qWB3gB QuShn8UvJ0yfo4vxznkXtGjxhFLopYaoN+tgDQ3IjkcH3chvAHS0dnUk9Uj7OQsx KEltBIFJmzv97ZxkCLxqEtNu0LSTFsvKhjyKl6lOJZ8yVfTZR/p+Awx1czEyJc8Z /sfRBBgqJnK3LHBNEsuqCy+wedlDHwj+/d3wBr51eR0+3UrD2jRaDQVx3VkcE7Gb DGjCoZRJ8qiWp7muB0rC7/6PxxxQcNlBludSiYDTkdrQpjot1G37w+TX1GFVUUk= =FvDE -----END PGP SIGNATURE-----

Power Control FCPower is a professional power monitoring configuration software that combines general configuration software and power professional technology, and uses the latest IT technology. FCPower XKeyServer component has a denial of service vulnerability. An attacker can use this vulnerability to construct specific data, causing a denial of service or code execution

Zhongkong Taike (Shanghai) Electronic Technology Co., Ltd. is a sales and service organization based in Shanghai, a well-known biometric technology and RFID product provider. A weak password vulnerability exists in the iClock series data service of the Central Control Attendance Management System. Attackers can use this vulnerability to obtain sensitive information.