VARIoT IoT vulnerabilities database

VAR-201711-0414 | CVE-2017-14027 | Korenix JetNet Unauthorized Access Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. The software uses undocumented hard-coded credentials that may allow an attacker to gain remote access. Multiple Korenix JetNet products contain a vulnerability related to the use of hard-coded credentials. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). JetNet is a series of industrial Ethernet switch products from Korenix. Korenix JetNet is prone to a hard-coded cryptographic key vulnerability and a security-bypass vulnerability.
An attacker can exploit these issues to bypass the security mechanism and perform unauthorized actions, or perform man-in-the-middle attacks and obtain sensitive information. This may aid in further attacks. A security vulnerability exists in several Korenix products, including the JetNet JetNet5018G, due to the program's use of hard-coded credentials.
VAR-201709-0363 | CVE-2017-14115 | AT&T U-verse Firmware access control vulnerability |
CVSS V2: 9.3 CVSS V3: 8.1 Severity: HIGH |
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a "Terminal shell v1.0" service, and subsequently obtain unrestricted root privileges, by establishing an SSH session and then entering certain shell metacharacters and BusyBox commands. The AT&T U-verse firmware contains a vulnerability related to access control. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Arris NVG589 and NVG599 are router products of the US company Arris Group; AT&T U-verse is the firmware they run. A security vulnerability exists in AT&T U-verse 9.2.2h0d83 on the Arris NVG589 and NVG599. AT&T U-verse Arris modems are prone to the following security vulnerabilities:
1.
2. An information-disclosure vulnerability
3. A command injection vulnerability
4. A security-bypass vulnerability
Attackers can exploit these issues to obtain sensitive information, execute arbitrary code and perform unauthorized actions, which may aid in further attacks. Failed exploit attempts may result in a denial-of-service condition.
VAR-201711-0415 | CVE-2017-14028 | Multiple Moxa NPort products resource exhaustion vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exhaust memory resources by sending a large amount of TCP SYN packets. Multiple Moxa NPort products are vulnerable to resource exhaustion. Service operation may be interrupted (DoS). Moxa's NPort 5110, 5130 and 5150 are serial device servers for connecting industrial serial devices to the network. Multiple Moxa NPort products are prone to multiple denial-of-service vulnerabilities and an information-disclosure vulnerability.
An attacker can exploit these issues to obtain sensitive information, or to cause excessive consumption of resources or an application crash, resulting in a denial-of-service condition. A security vulnerability exists in the Moxa NPort 5110, 5130, and 5150.
VAR-201711-0413 | CVE-2017-14025 | ABB FOX515T Information Disclosure Vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application. This could enable the attacker to retrieve any file on the server. FOX515 is a universal communication platform based on TDM (time division multiplexing) technology. ABB FOX515T is prone to a local information-disclosure vulnerability.
Successful exploits may allow an attacker to obtain sensitive information that may lead to further attacks.
ABB FOX515T 1.0 is vulnerable; other versions may also be affected. ABB FOX515T is multi-functional optical transmission equipment produced by the Swiss company ABB.
VAR-201710-0804 | CVE-2017-14017 |
Progea Movicon SCADA/HMI Arbitrary code execution vulnerability
Related entries in the VARIoT exploits database: VAR-E-201710-0246 |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
An Uncontrolled Search Path Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An uncontrolled search path element vulnerability has been identified, which may allow a remote attacker without privileges to execute arbitrary code in the form of a malicious DLL file. Progea Movicon contains a vulnerability related to uncontrolled search path elements. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Movicon is SCADA/HMI industrial monitoring software developed by the Italian automation software provider Progea. Progea Movicon is prone to multiple privilege-escalation vulnerabilities.
Movicon versions 11.5.1181 and prior are affected.
------------------------
BACKGROUND
------------------------
Critical Infrastructure Sectors: Critical Manufacturing, Energy, Food and
Agriculture, Transportation Systems, Water and Wastewater Systems
Countries/Areas Deployed: Europe, India, and United States
Company Headquarters Location: Italy
------------------------
IMPACT
------------------------
Successful exploitation of these vulnerabilities could allow privilege
escalation or arbitrary code execution.
The specific flaw exists within the handling of a specific named DLL file
used by Movicon SCADA/HMI. By placing specific DLL file (listed below), an
attacker is able to force the process to load an arbitrary DLL.
------------------------
DLL File Name (1)
------------------------
api-ms-win-appmodel-runtime-l1-1-0.dll
------------------------
Application Executables (that look for missing DLL)
------------------------
Movicon.exe
MoviconRunTime.exe
MoviconService.exe
AlarmsImpExp.exe
ReportViewerNET.exe
------------------------
Steps to reproduce
------------------------
1. Generate a dll payload
msfvenom -p windows/exec cmd=calc.exe -f dll -o api-ms-win-appmodel-runtime-l1-1-0.dll
2. Place this dll in install directory (or C:\Windows, or any directory
defined in the PATH environment variable)
C:\Program Files\Progea\Movicon11.5\
3. Run MoviconService.exe (or any of the above listed executables), and Exit
------------------------
CVE-2017-14017 has been assigned to this vulnerability. A CVSS v3 base
score of 6.8 has been assigned; the CVSS vector string is
(AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).
A successful attempt would require the local user to be able to insert
their code in the system root path undetected by the OS or other security
applications where it could potentially be executed during application
startup or reboot.
- MOVICON (MOVICON) runs as LocalSystem and has path: C:\Program Files\Progea\Movicon11.5\MoviconService.exe:
CVE-2017-14019 has been assigned to this vulnerability. A CVSS v3 base
score of 6.5 has been assigned; the CVSS vector string is
(AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).
+++++
Best Regards,
Karn Ganeshen
VAR-201710-0805 | CVE-2017-14019 |
Progea Movicon Vulnerabilities related to unquoted search paths or elements
Related entries in the VARIoT exploits database: VAR-E-201710-0246 |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate his or her privileges. Progea Movicon contains vulnerabilities related to unquoted search paths or elements. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Movicon is SCADA/HMI industrial monitoring software developed by the Italian automation software provider Progea. Progea Movicon is prone to multiple privilege-escalation vulnerabilities.
An attacker can exploit these issues to execute arbitrary code and gain elevated privileges.
Movicon versions 11.5.1181 and prior are affected.
------------------------
BACKGROUND
------------------------
Critical Infrastructure Sectors: Critical Manufacturing, Energy, Food and
Agriculture, Transportation Systems, Water and Wastewater Systems
Countries/Areas Deployed: Europe, India, and United States
Company Headquarters Location: Italy
------------------------
IMPACT
------------------------
Successful exploitation of these vulnerabilities could allow privilege
escalation or arbitrary code execution. User interaction is required
to exploit this vulnerability in that the malicious dll file should be
saved in any of the DLL search paths.
The specific flaw exists within the handling of a specific named DLL file
used by Movicon SCADA/HMI. By placing specific DLL file (listed below), an
attacker is able to force the process to load an arbitrary DLL.
------------------------
DLL File Name (1)
------------------------
api-ms-win-appmodel-runtime-l1-1-0.dll
------------------------
Application Executables (that look for missing DLL)
------------------------
Movicon.exe
MoviconRunTime.exe
MoviconService.exe
AlarmsImpExp.exe
ReportViewerNET.exe
------------------------
Steps to reproduce
------------------------
1. Generate a dll payload
msfvenom -p windows/exec cmd=calc.exe -f dll -o api-ms-win-appmodel-runtime-l1-1-0.dll
2. Place this dll in install directory (or C:\Windows, or any directory
defined in the PATH environment variable)
C:\Program Files\Progea\Movicon11.5\
3. Run MoviconService.exe (or any of the above listed executables), and Exit
------------------------
CVE-2017-14017 has been assigned to this vulnerability. A CVSS v3 base
score of 6.8 has been assigned; the CVSS vector string is
(AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).
A successful attempt would require the local user to be able to insert
their code in the system root path undetected by the OS or other security
applications where it could potentially be executed during application
startup or reboot.
- MOVICON (MOVICON) runs as LocalSystem and has path: C:\Program Files\Progea\Movicon11.5\MoviconService.exe:
CVE-2017-14019 has been assigned to this vulnerability. A CVSS v3 base
score of 6.5 has been assigned; the CVSS vector string is
(AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).
+++++
Best Regards,
Karn Ganeshen
VAR-201711-0417 | CVE-2017-14031 | Trihedral Engineering Limited VTScada Unauthorized Access Vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine. Trihedral VTScada contains an access control vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Trihedral VTScada (formerly known as VTS) is a Windows-based SCADA system provided by Trihedral Engineering of Canada. There are multiple vulnerabilities in Trihedral Engineering Limited VTScada. An attacker could execute arbitrary script code in an affected application or bypass a security restriction to perform an unauthorized operation.
VAR-201708-0476 | CVE-2017-12069 | Siemens OPC UA protocol XML External entity vulnerability |
CVSS V2: 6.4 CVSS V3: 8.2 Severity: HIGH |
An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions < V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions < V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker. Siemens industrial products use the OPC UA protocol, which is based on OPC, to discover and configure LAN device information.
The Siemens OPC UA protocol implementation has an XML external entity vulnerability.
Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions. Siemens SIMATIC PCS and the other affected products are made by Siemens of Germany. Siemens SIMATIC PCS is a process control system. SIMATIC WinCC is a supervisory control and data acquisition (SCADA) system.
VAR-201709-1007 | CVE-2017-12731 | Multiple OPW Fuel Management Systems SiteSentinel products SQL injection vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. The application is vulnerable to injection of malicious SQL queries via input from the client. Multiple OPW products are prone to an SQL-injection vulnerability and an authentication-bypass vulnerability.
An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions, modify the logic of SQL queries, compromise the software, retrieve information, or modify data; other consequences are possible as well. SQL injection vulnerabilities exist in multiple OPW products.
VAR-201708-1136 | CVE-2017-12734 | Siemens LOGO! devices information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. Siemens recommends using the integrated web server on port 80/tcp only in trusted networks. Siemens LOGO! devices contain an information disclosure vulnerability. Information may be obtained. LOGO! 8 is the 8th generation of Siemens' intelligent logic controller and is the nano PLC in the Siemens PLC family. It simplifies programming and configuration, its integrated panel can display more content, and it can be integrated and interconnected efficiently through its integrated Ethernet interface. There is a vulnerability in Siemens LOGO! 8 BM.
An attacker can exploit this issue to obtain sensitive information. Successful exploits may lead to other attacks.
Versions prior to LOGO! 8 BM FS-05 1.81.2 are vulnerable.
VAR-201708-1137 | CVE-2017-12735 | Siemens LOGO!8 BM Man-in-the-middle attack vulnerability |
CVSS V2: 5.8 CVSS V3: 7.4 Severity: HIGH |
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic. Siemens LOGO! devices contain an access control vulnerability. Information may be obtained and information may be altered. LOGO! 8 is the 8th generation of Siemens' intelligent logic controller and is the nano PLC in the Siemens PLC family. It simplifies programming and configuration, its integrated panel can display more content, and it can be integrated and interconnected efficiently through its integrated Ethernet interface.
Successfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks.
VAR-201708-1520 | CVE-2017-9945 | Siemens 7KM PAC Switched Ethernet Denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All versions < V2.1.3), a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local Ethernet (Layer 2) broadcast. The affected component requires a manual restart via the main device to recover. 7KM PAC Switched Ethernet is a switched Ethernet device from Siemens of Germany. The 7KM PAC Switched Ethernet PROFINET expansion module has a denial-of-service vulnerability in versions prior to 2.1.3.
Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users.
VAR-201708-0792 | CVE-2017-13774 | Hikvision iVMS-4200 Vulnerable to information disclosure |
CVSS V2: 2.1 CVSS V3: 7.8 Severity: HIGH |
Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to generate password-recovery codes via unspecified vectors. Hikvision iVMS-4200 contains an information disclosure vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Hikvision iVMS-4200 is video surveillance software from Hikvision of China.
Hikvision iVMS-4200 has a security vulnerability that allows local attackers to generate password-recovery codes.
VAR-201709-1053 | CVE-2017-13771 |
Lexmark Scan To Network Vulnerabilities related to certificate and password management
Related entries in the VARIoT exploits database: VAR-E-201709-0429 |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet. Lexmark Scan To Network (SNF) contains vulnerabilities related to certificate and password management. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Lexmark Scan To Network (SNF) is an embedded printer application from Lexmark. A security vulnerability exists in Lexmark SNF 3.2.9 and earlier that originates from the program storing network configuration credentials in clear text and transmitting them in requests. A remote attacker can use the vulnerability to obtain sensitive information by sending a request to cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet.
VAR-201709-1008 | CVE-2017-12733 | Multiple OPW Fuel Management Systems SiteSentinel products missing authentication for critical function vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may create an application user account to gain administrative privileges. Multiple OPW products are prone to an SQL-injection vulnerability and an authentication-bypass vulnerability.
An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions, modify the logic of SQL queries, compromise the software, retrieve information, or modify data; other consequences are possible as well.
The following products and versions are vulnerable:
SiteSentinel Integra 100 Console prior to 175, 175 through 189, 191 through 195 and 16Q3.1
SiteSentinel Integra 500 Console prior to 175, 175 through 189, 191 through 195 and 16Q3.1
SiteSentinel iSite ATG Console prior to 175, 175 through 189, 191 through 195 and 16Q3.1. Several OPW products have authentication bypass vulnerabilities.
VAR-201710-1271 | CVE-2017-13772 |
TP-Link WR940N WiFi Router buffer error vulnerability
Related entries in the VARIoT exploits database: VAR-E-201710-0002, VAR-E-201710-0001, VAR-E-201710-0003 |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRpm.htm or (2) dnsserver2 parameter to WanStaticIpV6CfgRpm.htm. The TP-Link WR940N WiFi router contains a buffer error vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). TP-Link WR940N is a SOHO wireless router.
TP-Link WR940N has a remote code execution vulnerability.
VAR-201804-0439 | CVE-2017-13806 | Apple iOS vulnerability in which configuration profile settings for pairing permission are not enforced |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Profiles" component. It does not enforce the configuration profile's settings for whether pairings are allowed. Apple iOS is an operating system developed by Apple for mobile devices. A security vulnerability exists in the Profiles component in versions prior to Apple iOS 11. The vulnerability stems from the fact that the program does not remove pairing when installing a profile that does not allow pairing. No further information about this vulnerability is currently available; please monitor CNNVD or vendor announcements.
VAR-201711-1009 | CVE-2017-8194 | FusionSphere OpenStack Authentication vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by sending a crafted REST message. FusionSphere OpenStack contains an authentication vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS).
Attackers can exploit this issue to bypass the authentication mechanism. Huawei FusionSphere OpenStack is the cloud platform software of Huawei's FusionSphere cloud operating system for ICT scenarios.
VAR-201711-0478 | CVE-2017-13790 | Apple Safari "Safari" component address bar spoofing vulnerability |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. Apple Safari is a web browser developed by Apple, and is the default browser included with the Mac OS X and iOS operating systems. A security vulnerability exists in the Safari component in versions of Apple Safari prior to 11.0.1.
APPLE-SA-2017-10-31-5 Safari 11.1
Safari 11.1 is now available and addresses the following:
Safari
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-13789: xisigr of Tencent's Xuanwu Lab (tencent.com)
CVE-2017-13790: Zhiyang Zeng (@Wester) of Tencent Security Platform
Department
WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-13785: Ivan Fratric of Google Project Zero
CVE-2017-13784: Ivan Fratric of Google Project Zero
CVE-2017-13783: Ivan Fratric of Google Project Zero
CVE-2017-13788: xisigr of Tencent's Xuanwu Lab (tencent.com)
CVE-2017-13798: Ivan Fratric of Google Project Zero
CVE-2017-13795: Ivan Fratric of Google Project Zero
CVE-2017-13802: Ivan Fratric of Google Project Zero
CVE-2017-13792: Ivan Fratric of Google Project Zero
CVE-2017-13794: Ivan Fratric of Google Project Zero
CVE-2017-13791: Ivan Fratric of Google Project Zero
CVE-2017-13796: Ivan Fratric of Google Project Zero
CVE-2017-13793: Hanul Choi working with Trend Micro's Zero Day
Initiative
CVE-2017-13803: chenqin (ee|) of Ant-financial Light-Year Security
Installation note:
Safari 11.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
VAR-201711-0477 | CVE-2017-13789 | Apple Safari "Safari" component address bar spoofing vulnerability |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. Apple Safari is a web browser developed by Apple, and is the default browser included with the Mac OS X and iOS operating systems. A security vulnerability exists in the Safari component in versions of Apple Safari prior to 11.0.1.
APPLE-SA-2017-10-31-5 Safari 11.1
Safari 11.1 is now available and addresses the following:
Safari
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-13789: xisigr of Tencent's Xuanwu Lab (tencent.com)
CVE-2017-13790: Zhiyang Zeng (@Wester) of Tencent Security Platform
Department
WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-13785: Ivan Fratric of Google Project Zero
CVE-2017-13784: Ivan Fratric of Google Project Zero
CVE-2017-13783: Ivan Fratric of Google Project Zero
CVE-2017-13788: xisigr of Tencent's Xuanwu Lab (tencent.com)
CVE-2017-13798: Ivan Fratric of Google Project Zero
CVE-2017-13795: Ivan Fratric of Google Project Zero
CVE-2017-13802: Ivan Fratric of Google Project Zero
CVE-2017-13792: Ivan Fratric of Google Project Zero
CVE-2017-13794: Ivan Fratric of Google Project Zero
CVE-2017-13791: Ivan Fratric of Google Project Zero
CVE-2017-13796: Ivan Fratric of Google Project Zero
CVE-2017-13793: Hanul Choi working with Trend Micro's Zero Day
Initiative
CVE-2017-13803: chenqin (ee|) of Ant-financial Light-Year Security
Installation note:
Safari 11.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/