VARIoT IoT vulnerabilities database

Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka BranchScope. Intel Systems with microprocessors contain information disclosure vulnerabilities.Information may be obtained. Intel Atom C C2308 is a central processing unit (CPU) product of Intel Corporation of the United States. The ARM Cortex-A 75 is an implementation of the Cortex-A75 microarchitecture from the British company ARM. The following products and versions are affected: Intel Atom C C2308; Xeon Silver 4110; Xeon Silver 4112; Xeon Silver 4116; ARM Cortex-A 75, etc

Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge of the LIA administrative password, could potentially exploit this vulnerability to run arbitrary commands as root on the systems where LIAs are installed. Dell EMC ScaleIO is a software-defined solution for converting DAS storage into shared data block storage from Dell. Light Installation Agent (LIA) is one of the installation agents. An attacker can exploit this vulnerability to execute arbitrary commands on the system with root privileges. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 DSA-2018-058: Dell EMC ScaleIO Multiple Security Vulnerabilities Dell EMC Identifier: DSA-2018-058 CVE Identifier: CVE-2018-1205, CVE-2018-1237, CVE-2018-1238 Severity: Medium Severity Rating: CVSS v3 Base Score: See below for CVSS v3 scores Affected products: Dell EMC ScaleIO versions prior to 2.5 Summary: Dell EMC ScaleIO customers are encouraged to update to ScaleIO v2.5, which contains fixes for multiple security vulnerabilities in earlier ScaleIO software versions that could potentially be exploited by malicious users to compromise the affected system. As a result, a remote attacker could potentially send specifically crafted packet data to the MDM service causing it to crash. CVSSv3 Base Score: 6.6 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) Resolution: The following Dell EMC ScaleIO release contains resolutions to these vulnerabilities: * Dell EMC ScaleIO version 2.5 Dell EMC recommends all customers upgrade at the earliest opportunity. Link to remedies: Customers can download software from https://support.emc.com/downloads/40635_ScaleIO-Product-Family Credit: Dell EMC would like to thank David Berard, from the Ubisoft Security & Risk Management team, for reporting these vulnerabilities. Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact Dell EMC Software Technical Support at 1-877-534-2867. For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase solution emc218831. Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJauOjDAAoJEHbcu+fsE81Z3/wH/jL9Ub908R9cXBOLhTbwCohq pVPgYZwy8ew96iuUaqDgqy3KmarYebeZ9MAG2gxW5URYqNSO7LJBZG8Jo4qWB3gB QuShn8UvJ0yfo4vxznkXtGjxhFLopYaoN+tgDQ3IjkcH3chvAHS0dnUk9Uj7OQsx KEltBIFJmzv97ZxkCLxqEtNu0LSTFsvKhjyKl6lOJZ8yVfTZR/p+Awx1czEyJc8Z /sfRBBgqJnK3LHBNEsuqCy+wedlDHwj+/d3wBr51eR0+3UrD2jRaDQVx3VkcE7Gb DGjCoZRJ8qiWp7muB0rC7/6PxxxQcNlBludSiYDTkdrQpjot1G37w+TX1GFVUUk= =FvDE -----END PGP SIGNATURE-----

Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having network access to LIA, could potentially exploit this vulnerability to launch brute force guessing of user names and passwords of user accounts on the LIA. Dell EMC ScaleIO Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell EMC ScaleIO is a software-defined solution for converting DAS storage into shared data block storage from Dell. Light Installation Agent (LIA) is one of the installation agents. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 DSA-2018-058: Dell EMC ScaleIO Multiple Security Vulnerabilities Dell EMC Identifier: DSA-2018-058 CVE Identifier: CVE-2018-1205, CVE-2018-1237, CVE-2018-1238 Severity: Medium Severity Rating: CVSS v3 Base Score: See below for CVSS v3 scores Affected products: Dell EMC ScaleIO versions prior to 2.5 Summary: Dell EMC ScaleIO customers are encouraged to update to ScaleIO v2.5, which contains fixes for multiple security vulnerabilities in earlier ScaleIO software versions that could potentially be exploited by malicious users to compromise the affected system. Details: The vulnerability details are as follows: * Buffer overflow vulnerability (CVE-2018-1205) Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. As a result, a remote attacker could potentially send specifically crafted packet data to the MDM service causing it to crash. CVSSv3 Base Score: 6.6 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) Resolution: The following Dell EMC ScaleIO release contains resolutions to these vulnerabilities: * Dell EMC ScaleIO version 2.5 Dell EMC recommends all customers upgrade at the earliest opportunity. Link to remedies: Customers can download software from https://support.emc.com/downloads/40635_ScaleIO-Product-Family Credit: Dell EMC would like to thank David Berard, from the Ubisoft Security & Risk Management team, for reporting these vulnerabilities. Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact Dell EMC Software Technical Support at 1-877-534-2867. For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase solution emc218831. Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJauOjDAAoJEHbcu+fsE81Z3/wH/jL9Ub908R9cXBOLhTbwCohq pVPgYZwy8ew96iuUaqDgqy3KmarYebeZ9MAG2gxW5URYqNSO7LJBZG8Jo4qWB3gB QuShn8UvJ0yfo4vxznkXtGjxhFLopYaoN+tgDQ3IjkcH3chvAHS0dnUk9Uj7OQsx KEltBIFJmzv97ZxkCLxqEtNu0LSTFsvKhjyKl6lOJZ8yVfTZR/p+Awx1czEyJc8Z /sfRBBgqJnK3LHBNEsuqCy+wedlDHwj+/d3wBr51eR0+3UrD2jRaDQVx3VkcE7Gb DGjCoZRJ8qiWp7muB0rC7/6PxxxQcNlBludSiYDTkdrQpjot1G37w+TX1GFVUUk= =FvDE -----END PGP SIGNATURE-----

Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. As a result, a remote attacker could potentially send specifically crafted packet data to the MDM service causing it to crash. Dell EMC ScaleIO Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Dell EMC ScaleIO is a software-defined solution for converting DAS storage into shared data block storage from Dell. The vulnerability is caused by the program not processing packet data correctly. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 DSA-2018-058: Dell EMC ScaleIO Multiple Security Vulnerabilities Dell EMC Identifier: DSA-2018-058 CVE Identifier: CVE-2018-1205, CVE-2018-1237, CVE-2018-1238 Severity: Medium Severity Rating: CVSS v3 Base Score: See below for CVSS v3 scores Affected products: Dell EMC ScaleIO versions prior to 2.5 Summary: Dell EMC ScaleIO customers are encouraged to update to ScaleIO v2.5, which contains fixes for multiple security vulnerabilities in earlier ScaleIO software versions that could potentially be exploited by malicious users to compromise the affected system. CVSSv3 Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) * Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2018-1237) Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having network access to LIA, could potentially exploit this vulnerability to launch brute force guessing of user names and passwords of user accounts on the LIA. CVSSv3 Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) * Command injection vulnerability (CVE-2018-1238) Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge of the LIA administrative password, could potentially exploit this vulnerability to run arbitrary commands as root on the systems where LIAs are installed. CVSSv3 Base Score: 6.6 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) Resolution: The following Dell EMC ScaleIO release contains resolutions to these vulnerabilities: * Dell EMC ScaleIO version 2.5 Dell EMC recommends all customers upgrade at the earliest opportunity. Link to remedies: Customers can download software from https://support.emc.com/downloads/40635_ScaleIO-Product-Family Credit: Dell EMC would like to thank David Berard, from the Ubisoft Security & Risk Management team, for reporting these vulnerabilities. Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact Dell EMC Software Technical Support at 1-877-534-2867. For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase solution emc218831. Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJauOjDAAoJEHbcu+fsE81Z3/wH/jL9Ub908R9cXBOLhTbwCohq pVPgYZwy8ew96iuUaqDgqy3KmarYebeZ9MAG2gxW5URYqNSO7LJBZG8Jo4qWB3gB QuShn8UvJ0yfo4vxznkXtGjxhFLopYaoN+tgDQ3IjkcH3chvAHS0dnUk9Uj7OQsx KEltBIFJmzv97ZxkCLxqEtNu0LSTFsvKhjyKl6lOJZ8yVfTZR/p+Awx1czEyJc8Z /sfRBBgqJnK3LHBNEsuqCy+wedlDHwj+/d3wBr51eR0+3UrD2jRaDQVx3VkcE7Gb DGjCoZRJ8qiWp7muB0rC7/6PxxxQcNlBludSiYDTkdrQpjot1G37w+TX1GFVUUk= =FvDE -----END PGP SIGNATURE-----

Power Control FCPower is a professional power monitoring configuration software that combines general configuration software and power professional technology, and uses the latest IT technology. FCPower XKeyServer component has a denial of service vulnerability. An attacker can use this vulnerability to construct specific data, causing a denial of service or code execution

Zhongkong Taike (Shanghai) Electronic Technology Co., Ltd. is a sales and service organization based in Shanghai, a well-known biometric technology and RFID product provider. A weak password vulnerability exists in the iClock series data service of the Central Control Attendance Management System. Attackers can use this vulnerability to obtain sensitive information.

Zhongkong Taike (Shanghai) Electronic Technology Co., Ltd. is a sales and service organization based in Shanghai, a well-known biometric technology and RFID product provider. An information disclosure vulnerability exists in the iClock series of the Central Control Attendance Management System. Attackers can use this vulnerability to obtain sensitive information.

NVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal driver where there is the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges. NVIDIA Tegra The kernel contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NVIDIA Tegra (Tu Rui) Kernel is a Tegra (mobile super chip) package kernel of NVIDIA Corporation. CORE DVFS Thermal driver is one of the core dynamic voltage frequency adjustment drivers. A security vulnerability exists in the CORE DVFS Thermal driver in the NVIDIA Tegra kernel. An attacker could exploit this vulnerability to cause a denial of service or potentially escalate privileges

The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification. CUPS Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Apple CUPS (Common Unix Printing System) is an open source printing system for OS X and Unix-like systems developed by Apple. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. A security vulnerability exists in the 'add_job' function in Apple CUPS versions prior to 2.2.6. ========================================================================== Ubuntu Security Notice USN-3713-1 July 11, 2018 cups vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 17.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in CUPS. A remote attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2017-18248) Dan Bastone discovered that the CUPS dnssd backend incorrectly handled certain environment variables. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-4180) Eric Rafaloff and John Dunlap discovered that CUPS incorrectly handled certain include directives. A local attacker could possibly use this issue to read arbitrary files. (CVE-2018-4181) Dan Bastone discovered that the CUPS AppArmor profile incorrectly confined the dnssd backend. A local attacker could possibly use this issue to escape confinement. (CVE-2018-6553) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: cups 2.2.7-1ubuntu2.1 Ubuntu 17.10: cups 2.2.4-7ubuntu3.1 Ubuntu 16.04 LTS: cups 2.1.3-4ubuntu0.5 Ubuntu 14.04 LTS: cups 1.7.2-0ubuntu1.10 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3713-1 CVE-2017-18248, CVE-2018-4180, CVE-2018-4181, CVE-2018-6553 Package Information: https://launchpad.net/ubuntu/+source/cups/2.2.7-1ubuntu2.1 https://launchpad.net/ubuntu/+source/cups/2.2.4-7ubuntu3.1 https://launchpad.net/ubuntu/+source/cups/2.1.3-4ubuntu0.5 https://launchpad.net/ubuntu/+source/cups/1.7.2-0ubuntu1.10

The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid. thermald Contains a link interpretation vulnerability.Information may be tampered with. thermald is a thermal daemon applied to the computer, which can prevent the computer from overheating. A security vulnerability exists in the 'main' function of the android_main.cpp file in thermald

Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password. Intelbras TELEFONE IP Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IntelbrasTELEFONEIPTIP200/200LITE is an IP phone product from Intelbras of Brazil. A security vulnerability exists in the IntelbrasTELEFONEIPTIP200/200LITE60.0.75.29 release. A remote attacker can exploit this vulnerability to read arbitrary files by sending a \342\200\230page\342\200\231 parameter to the /cgi-bin/cgiServer.exx file

Auto Station is a PLC-IVC series programming software from INVT. Auto Station has a denial of service vulnerability. When the 'data content' entered exceeds or is less than its corresponding 'length', an attacker can obtain a null address through the GetVauleName function, causing a denial of service attack

DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage. DBS3900TDDLTE is a modular network device product from China's Huawei company. Huawei DBS3900 TDD LTE is a distributed base station product of China Huawei (Huawei). This product supports wireless access to wireless networks and provides services such as video surveillance, data collection and data transmission

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code. Dell EMC iDRAC7 and iDRAC8 Contains an injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell iDRAC7 and iDRAC8 devices are prone to a code-injection vulnerability. An attacker can exploit this issue to inject arbitrary code in the context of the affected device. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. Dell iDRAC7 and iDRAC8 devices running firmware versions prior to 2.52.52.52 are vulnerable. Dell EMC iDRAC7 and iDRAC8 are both hardware and software system management solutions from Dell. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems

Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges. Beckhoff TwinCAT Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Beckhoff TwinCAT system software \"remodels\" any compatible PC into a real-time controller with a multi-PLC system, NC axis control system, programming environment and operator station, replacing traditional PLC and NC/CNC controllers and operating equipment. There is an untrusted pointer reference vulnerability in TwinCAT. Beckhoff TwinCAT is prone to multiple local privilege-escalation vulnerabilities. Beckhoff TwinCAT 2 and 3.1 are vulnerable

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW. AMD Ryzen and Ryzen Pro The platform contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AMD Ryzen and Ryzen Pro are both central processing unit (CPU) products of AMD in the United States. Promontory chipset is one of these chipsets. An attacker could exploit this vulnerability to execute code

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW. AMD Ryzen and Ryzen Pro The platform contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AMD Ryzen and Ryzen Pro are both central processing unit (CPU) products of AMD in the United States. Promontory chipset is one of these chipsets. An attacker could exploit this vulnerability to execute code

The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4. AMD Ryzen and Ryzen Pro Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AMD Ryzen and Ryzen Pro are both central processing unit (CPU) products of AMD in the United States. An attacker could exploit this vulnerability to disable system management mode protection, read memory, and execute arbitrary code

The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3. AMD EPYC Server Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AMD EPYC Server is a server central processing unit (CPU) data processing chip of American AMD company. An attacker could exploit this vulnerability to write or read memory and disable system management mode protection

On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration which exposes this issue is enabled and the virtual server receives non TCP traffic. With the fix of this issue, additional configuration validation logic has been added to prevent this configuration from being applied to a virtual server. There is only data plane exposure to this issue with a non-standard configuration. There is no control plane exposure. plural F5 BIG-IP The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5BIG-IPLTM and other products are products of American F5 Company. F5BIG-IPLTM is a local traffic manager; BIG-IPAAM is an application acceleration manager. There are security vulnerabilities in several F5 products. An attacker could exploit the vulnerability to cause TMM to crash and fail over, resulting in a denial of service. F5 BIG-IP LTM, etc. The following products and versions are affected: F5 BIG-IP LTM version 13.0.0 and 12.1.0 through 12.1.3.1; BIG-IP AAM version 13.0.0 and 12.1.0 through 12.1.3.1; BIG-IP AFM 13.0.0 and 12.1.0 through 12.1.3.1; BIG-IP APM 13.0.0 and 12.1.0 through 12.1.3.1; BIG-IP ASM 13.0.0 and 12.1.0 through 12.1. Version 3.1; BIG-IP Link Controller Version 13.0.0 and Version 12.1.0 through Version 12.1.3.1; BIG-IP PEM Version 13.0.0 and Version 12.1.0 through Version 12.1.3.1; BIG-IP WebSafe Version 13.0.0 and versions 12.1.0 through 12.1.3.1