Dell EMC Unity versions before 5.2.0.0.5.173 , use(es) broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.

**Vaikutus**

Critical

**Tiedot**

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Products**

**Affected Versions**

**Updated Versions**

**Link to Update**

Dell Unity Operating Environment (OE)

Before 5.2.0.0.5.173

5.2.0.0.5.173

https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers

Dell UnityVSA Operating Environment (OE)

Before 5.2.0.0.5.173

5.2.0.0.5.173

Dell Unity XT Operating Environment (OE)

Before 5.2.0.0.5.173

5.2.0.0.5.173

**Products**

**Affected Versions**

**Updated Versions**

**Link to Update**

Dell Unity Operating Environment (OE)

Before 5.2.0.0.5.173

5.2.0.0.5.173

https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers

Dell UnityVSA Operating Environment (OE)

Before 5.2.0.0.5.173

5.2.0.0.5.173

Dell Unity XT Operating Environment (OE)

Before 5.2.0.0.5.173

5.2.0.0.5.173

**Versiohistoria**

**Revision**

**Date**

**More Informatio**n

 

 

1.0

2022-04-29

Initial Release

 

 

2.0

2023-02-14

Added CVE-2022-22564 to Details Section.

 

 

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Dell EMC Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600

Product Security Information, Dell EMC Unity 600F, Dell EMC Unity 650F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F, Dell EMC UnityVSA (Virtual Storage Appliance)

14 helmik. 2023

CVE-2022-22564: DSA-2022-021: Dell Unity, Dell UnityVSA, and Dell Unity XT Security Update for Multiple Vulnerabilities

**ARLINGTON, Va.****,** **Feb. 14, 2023** **/PRNewswire/ --** ThreatConnect, maker of leading threat intelligence operations (TI Ops) and risk quantification solutions, announced today the company's accelerated growth through 2022 and market leading position heading into 2023.

"With a tumultuous year marked by geopolitical and economic uncertainty that increased pressure on CISOs and their teams to improve security effectiveness and efficiency, ThreatConnect had a tremendous year in both new customer acquisition and product innovation," said Balaji Yelamanchili, CEO of ThreatConnect. "As we enter 2023, we're positioned to continue delivering market leading product innovation that enables our customers and partners to manage efficient TI Ops with quantifiable risk mitigation strategies."

**Customer & Revenue Growth** 

*   Substantial double-digit growth in new logo and expansion business, including some of the world's largest technology, financial services, healthcare, governmental, and cyber security organizations choosing ThreatConnect for their TI Ops and risk quantification initiatives.
*   Expanded risk quantification and TI Ops deployments with three of the top five software companies in the world, 12 global financial services organizations, and 33 other large enterprise customers.
*   Now serving nearly 200 global customers, including five of the top 10 software companies in the world, three of the top five airlines, three of the top five pharmaceutical companies, two of the top five insurance providers, and more than 10 defense and federal agencies.

**Threat Intelligence Operations Innovation**

The company's product and engineering teams delivered a variety of new features that enable cyber threat intelligence (CTI) teams to more efficiently investigate and create intelligence, and work with security operations (SecOps) teams to consume and operationalize threat intelligence.  These new features are designed to deliver better security outcomes in terms of mean time to detect (MTTD) and mean time to resolve (MTTR) potential threats and incidents, and drive efficiencies across teams and tools.

**Specific Innovations:** 

ThreatConnect made many useful product enhancements, including:

*   ThreatConnect's Collective Analytics Layer (CAL™), powered by Big Data and Machine Learning, increased its volume of data by 25% versus prior year to over 176 billion points of data used for scoring potential indicators of compromise (IOCs), providing insights for investigations, and categorizing relationships between indicators, threat actors, malware, and campaigns. By merging anonymized insights from ThreatConnect users with this massive data set creates the ability to have better confidence scoring and enrichment on potential IOCs that very few other players in the market can claim.
*   Natural Language Processing (NLP) capabilities to recognize MITRE ATT&CK® techniques by extracting insights from open source blogs, research, and other sources. This enables customers to get faster insights on relevant threats they are investigating.
*   Highly intuitive graph investigation capability that incorporates the customer's threat intelligence and internal case & investigation data, with insights from CAL's Automated Threat Library, including threat actors, campaigns, and ATT&CK techniques, and a growing number of third-party intelligence and enrichment sources.
*   A new reporting engine that makes it easy to create and disseminate threat intelligence reports with graphs, tables, images, and narrative descriptions.
*   New Enrich Anywhere capability automates the addition of context to indicators of compromise, allowing users to easily identify false positives and pinpoint actionable intelligence.  
*   Streamline the work of the SOC by infusing relevant threat intelligence directly into every step of their case workflow, and allowing for relevant artifacts and findings to be promoted for validation as threat intelligence by the CTI team.
*   Measure the work being done by the team with case and analyst efficiency metrics.
*   Stronger multi-tenant management of clients for MSSP and multi-tiered organizations with the introduction of Super Admin Users who can answer RFI's or work alongside analysts in other organizations without leaving their ThreatConnect instance.

**Risk Quantification Break Out Year**

*   Significant double digit annual sales growth, including new customers in healthcare, finance and manufacturing.
*   Launched technology alliance and go-to-market partnership with SecurityScorecard, resulting in 14 net new customers.
*   New go-to-market partnership with 3 of the top global software vendors.

**Industry recognition**

Winner of multiple industry accolades, including the Global Infosec Awards, Cybersecurity Excellence Award, and the top 100 most Innovative Cybersecurity companies by Expert Insights.

**Experienced Leadership and Board Advisors**

In 2022, the company added seasoned cybersecurity operators to its executive ranks with cybersecurity veterans. Balaji Yelamanchili, previously EVP and General Manager of Symantec's Enterprise Security business, joined the company as Chief Executive Officer.  Burney Barker, a veteran of Forescout, Gigamon, and Dell EMC, joined the company as Chief Revenue Officer.  In the Chief Marketing Officer role, Charles Gold joined the company, bringing more than 25 years of executive experience at category leaders including Sonatype, Virtru, and FireMon.

The company also added an elite group of enterprise cybersecurity leaders as Board Advisors.  This esteemed group includes Colin Anderson, current CISO at Ceridian and former CISO at Safeway and Levi Straus, Myrna Soto former CISO at MGM and Comcast and current Board member at Spirit Airlines and Trinet, and Patrick Joyce, CISO at Medtronic.  They will advise the company's Board and executive team on strategic product and go-to-market matters.

"Enterprises are transforming  their approach to security operations to support their move to the cloud and the digital economy while at the same time addressing a growing threat landscape and emerging threats like ransomware,"  said Yelamanchili.   "Our TI Ops and risk quantification solutions are critical to these initiatives and, given our momentum in 2022 and near term product roadmap, I couldn't be more excited about this coming year."

**About ThreatConnect**

ThreatConnect enables threat intelligence operations, security operations, and cyber risk management teams to work together for more effective, efficient, and collaborative cyber defense and protection. With ThreatConnect, organizations can infuse ML and AI-powered threat intel and cyber risk quantification into their work, allowing them to orchestrate and automate processes to get the necessary insights, and respond faster and more confidently than ever before. More than 200 enterprises and thousands of security operations professionals rely on ThreatConnect every day to protect their organizations' most critical assets.

ThreatConnect Closes 2022 with Accelerated Growth in Threat Intelligence Operations (TI Ops)

A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session.

*   Aktuelles
*   Academy
*   Karriere
*   Downloads

*   Über uns
    
    *   Philosophie
    *   Presse
        *   Pressekontakt
    *   Kundenmagazin
    *   E-Mail-Service von B&R
        *   Aktuell
    *   Standorte
    *   Kontakt
    *   Impressum
    *   AGB
        *   International
        *   Italy
        *   Belgium
        *   Sweden
        *   Switzerland
        *   GTC India
    *   Produkt-Lifecycle
    *   Datenschutzmitteilungen
        *   Mitarbeiter
        *   Auftragnehmer
        *   Lieferanten
        *   Kunden
        *   Besucher
        *   Event management
        *   Bewerber
        *   Externe Öffentlichkeitsarbeit
        *   Website, Cookies und Links
    
*   Branchen
    
    *   Additive Fertigung
        *   Technologievorteile
        *   Lifecycle-Management
        *   Automatisierte Nachbearbeitung
        *   Automatisierungspartner
        *   Referenzen
    *   Automobil
        *   Maschinen und Linien
        *   B&R hat die richtige Lösung für...
    *   Batterie
    *   Druck
    *   Energie
        *   BHKW und KWK
        *   Konventionelle Kraftwerke
        *   Solarenergie
        *   Wellen- und Gezeitenkraftwerke
        *   Windenergie
        *   Öl und Gas
    *   Halbleiter / Elektronik
    *   Kunststoff
        *   Automatisierungslösungen für die Kunststoffindustrie
        *   Referenzen
        *   Applikationsberichte
    *   Maritim & Offshore
    *   Medical Device Assembly
    *   Metallverarbeitung
        *   Referenzen
    *   Mobile Automation
    *   Nahrungsmittel & Getränke
        *   Technologielösungen
        *   Prozessoptimierung
        *   Sicherheit & Qualität
        *   Service & Support
    *   Textil
        *   Maschinen und Prozesse
        *   B&R hat die richtige Lösung für...
        *   Referenzen
    *   Umwelt- und Recyclingtechnik
    *   Verpackung
        *   Referenzen
    
*   Technologie
    
    *   Adaptive Manufacturing
        *   Schlüsseltechnologien der adaptiven Fertigung
        *   Adaptive Fertigungslösungen
    *   exOS
        *   Kundenvorteile
        *   Anwendungsbeispiele - exOS in der Praxis
        *   Lösungsportfolio für jeden Anwendungsfall
        *   Integrierte Funktionen
    *   Industrial IoT
        *   IIoT-Lösungen
    *   mapp Technology
    *   OPC UA
        *   OPC UA over TSN
        *   FAQs zu OPC UA over TSN
        *   Geschichte
        *   B&R-Lösungen mit OPC UA
        *   B&R-Lösungen mit OPC UA over TSN
    *   openSAFETY
    *   POWERLINK
    *   reACTION Technology
        *   Programmierung in IEC 61131-3
        *   Anwendungsbeispiele
    *   Redundanz
    *   Sicherheitstechnik
    
*   Produkte
    
    *   Industrie PCs
        *   Automation PC 3100
        *   Automation PC 3100 mobile
        *   Automation PC 2200
        *   Automation PC 2100
        *   Automation PC 910
        *   Panel PC 3100 Multitouch
        *   Panel PC 3100 Singletouch
        *   Panel PC 2200 Multitouch
        *   Panel PC 2200 Singletouch
        *   Panel PC 2100 Multitouch
        *   Panel PC 2100 Singletouch
        *   Panel PC 1200
        *   Panel PC 900 Multitouch
        *   Panel PC 900 Singletouch
        *   Panel PC 2200 (AP5000) Tragarm Multitouch
        *   Panel PC 2200 (AP5000) Tragarm Singletouch
        *   Panel PC 2100 (AP5000) Tragarm Multitouch
        *   Panel PC 2100 (AP5000) Tragarm Singletouch
        *   Panel PC Hygienedesign Edelstahl
        *   Panel PC Hygienedesign Edelstahl, Tragarm
        *   Smart Display Link 3
        *   Smart Display Link 4
    *   Visualisieren und Bedienen
        *   Automation Panel 5000 Tragarm Multitouch
        *   Automation Panel 5000 Tragarm Singletouch
        *   Automation Panel Multitouch
        *   Automation Panel Singletouch
        *   Automation Panel Hygienedesign Edelstahl
        *   Automation Panel Hygienedesign Edelstahl, Tragarm
        *   Smart Display Link 3
        *   Smart Display Link 4
        *   Mobile Panel 7200
        *   Mobile Panel 7100
        *   Power Panel T-/C-Series
        *   Tastenmodule
        *   PANELWARE
        *   Panel Designer
    *   Steuerungssysteme
        *   X20 System
        *   X20 System coated
        *   X90 mobile Steuerungssystem
    *   I/O Systeme
        *   X20 System
        *   X20 System coated
        *   X67 System
        *   XV System
    *   Vision Systeme
        *   Kamera
        *   Beleuchtung
        *   Zubehör
        *   Applikationen
    *   Sicherheitstechnik
        *   X20 System
        *   X20 System coated
        *   X67 System
        *   ACOPOS
        *   ACOPOS P3
        *   ACOPOSmulti
        *   ACOPOSremote
        *   ACOPOSmotor
    *   Antriebstechnik
        *   Neuheiten
        *   ACOPOSmicro
        *   ACOPOS
        *   ACOPOS P3
        *   ACOPOSmulti
        *   ACOPOSremote
        *   ACOPOSmotor
        *   ACOPOSmotor Compact
        *   ACOPOSinverter
        *   Servomotoren 8WSA
        *   Getriebemotoren 8WSB
        *   Synchronmotoren 8LVA
        *   Getriebemotoren 8LVB
        *   Synchronmotoren 8LWA
        *   Synchronmotoren 8LS
        *   Synchronmotoren 8LSN
        *   Synchronmotoren 8JSA
        *   Edelstahlservomotoren 8JS
        *   Synchronmotoren 8KS
        *   Torque Motoren 8LT
        *   Schrittmotoren 80MP
        *   Standard Planetengetriebe 8G
        *   Premium Planetengetriebe 8G
        *   Economy Planetengetriebe 8G
    *   Mechatronische Systeme
        *   Neuheiten
        *   ACOPOS 6D
        *   ACOPOStrak
        *   SuperTrak
        *   Tutorials
    *   Robotik
        *   Neuheiten
        *   Roboterportfolio
        *   Integration ohne Kompromisse
        *   mapp Robotics
    *   Mobile Automation
        *   Automation PC 3100 mobile
        *   Power Panel T50 mobile
        *   ISOBUS
    *   Netzwerke und Feldbus Module
    *   Software
        *   Automation Software
        *   mapp Technology
        *   Modellierung und Simulation
        *   Betriebssysteme
        *   Fernwartung
        *   Sonstiges
        *   Utilities / Tools
    *   Prozessleittechnik
        *   APROL APC
        *   APROL ConMon
        *   APROL EnMon
        *   APROL PDA
        *   APROL Hardware
        *   APROL Software
    *   Zubehör
    *   Lern- und Lehrmaterial
        *   ETA Systemfamilie
    
*   Service
    
    *   MyPortal
    *   Supportportal
    *   Material Return Portal
    *   Material Compliance
    *   Engineering Sample Regulations
    *   Software-Registrierung
    *   Remote Access
    *   Persönliche Uploads
    *   Online meeting
    *   Lieferanten
    *   Virtual Marking
    *   Cyber Security
    

*   **International**
*   **Europe**
*   **Asia**
*   **North America**
*   **South America**

*   **deutsch**
*   **english**
*   **español**

*   **Belgium** nederlands français
*   **Česká republika** český
*   **Danmark** dansk
*   **Deutschland** deutsch
*   **España** español
*   **France** français
*   **Italia** italiano
*   **Nederland** nederlands
*   **Österreich** deutsch
*   **Polska** polski
*   **Россия** русский
*   **Sverige** svenska
*   **Switzerland** deutsch français
*   **Türkiye** türkçe
*   **United Kingdom** english

*   **中国** 中文
*   **India** english
*   **日本** 日本語

*   **Canada** english
*   **México** español
*   **USA** english

*   **Brasil** português

*    Home
*   Service
*   Cyber Security

****Kontakt zum B&R Cyber Security Team****

Haben Sie eine Frage zur Cyber-Sicherheit von B&R-Produkten?  
Möchten Sie eine Schwachstelle oder ein Sicherheitsproblem in einem B&R-Produkt melden?  
Bitte senden Sie eine verschlüsselte E-Mail an _cybersecurity@br-automation.com_ unter Verwendung unseres PGP Schlüssels

****Anonymer Kontakt****

Sollte jemand eine Schwachstelle in Verbindung mit einem B&R Produkt entdecken und B&R nicht direkt kontaktieren wollen, empfehlen wir ICS CERT (https://www.kb.cert.org/vuls/report/), jede andere nationale CERT oder eine andere koordinierende Organisation zu kontaktieren.

**Cyber Security Guidelines**

**Cyber Security Advisories and Notices**

**Code Signing Certificates**

B&R Industrial Automation signiert die zur Verfügung gestellten Software-Entwicklungen. Damit kann sichergestellt werden, dass nur Produkte, welche gemäß unserer hohen Qualitäts- und Sicherheitsansprüchen geprüft wurden mit unserem Namen versehen sind. Die unten angeführten Code Signing Zertifikate für von B&R freigegebene Produkte ermöglichen es unseren Kunden, die Integrität und Authentizität der Software Entwicklungen zu verifizieren.

Valid from

Valid to

Fingerprint

Keyfile

01.07.2015

05.08.2016

2a2839fe1affb03e619e0e3f33e91ebc4fef3b62

Download file

26.07.2016

27.07.2018

b4d11977baae8827c8ff1d466969fd5f1b91bfe7

Download file

23.05.2018

23.05.2020

748aa0d710e6877921d2b67ceda9f7c4cafaf9ed

Download file

16.10.2018

23.05.2020

934b742c32b34e856370cc0f62251b3c64cc666e

Download file

29.04.2020

23.06.2022

d095488a2b2efb0440714f6b5baaa5e60e0c5604

Download file

15.04.2021

23.06.2022

13dd07b5d864ad8723fc3549e5eb0c01331e5734

Download file

06.05.2021

12.05.2022

58176987f97e357d0643013ca3900b74ecbb7630

Download file

22.10.2021

23.10.2022

48030051866e5e41022e123de6f00345cc5b83bb

Download file

21.10.2022

22.10.2023

8c5d6238f1698dfb1bc6e46576a447d3c2a19c99

Download file

Service

*   MyPortal
*   Supportportal
*   Material Return Portal
*   Material Compliance
*   Engineering Sample Regulations
*   Software-Registrierung
*   Remote Access
*   Persönliche Uploads
*   Online meeting
*   Lieferanten
*   Virtual Marking
*   **Cyber Security**

CVE-2022-4286: Cyber Security | B&R Industrial Automation

Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

**Vaikutus**

Medium

**Tiedot**

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**CVEs Addressed**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2023-23697

Dell Command | Intel vPro Out of Band

Versions before 4.4.0

4.4.0

https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=08WTH

**CVEs Addressed**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2023-23697

Dell Command | Intel vPro Out of Band

Versions before 4.4.0

4.4.0

https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=08WTH

**Kiitokset**

**CVE-2023-23697**: Dell Technologies would like to thank ycdxsb for reporting this issue.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2023-02-07

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

08 helmik. 2023

CVE-2023-23697: DSA-2023-030: Dell Command | Intel vPro Out of Band Security Update for an Arbitrary Folder Deletion Vulnerability

Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

**Vaikutus**

Medium

**Tiedot**

**Proprietary Code CVEs**

**Description**

**More Information**

CVE-2023-24572

Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 

See NVD (http://nvd.nist.gov/)  for additional details.

**Proprietary Code CVEs**

**Description**

**More Information**

CVE-2023-24572

Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 

See NVD (http://nvd.nist.gov/)  for additional details.

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**CVEs Addressed**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2023-24572

Dell Command | Integration Suite for System Center

Versions prior to 6.4.0  
 

6.4.0

https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=T9HK2  
 

**CVEs Addressed**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2023-24572

Dell Command | Integration Suite for System Center

Versions prior to 6.4.0  
 

6.4.0

https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=T9HK2  
 

**Kiitokset**

**CVE-2023-24573**: Dell Technologies would like to thank ycdxsb for reporting this issue.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2023-02-07

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Dell Command | Integration Suite for Microsoft System Center, Product Security Information

08 helmik. 2023

CVE-2023-24572: DSA-2023-032: Dell Command | Integration Suite for System Center Security Update for an Arbitrary Folder Deletion Vulnerability

Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not authorized.

**Vaikutus**

High

**Tiedot**

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-46754

Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. An authenticated malicious admin user may potentially access certain pro license features for which this admin is not authorized in order to configure user controlled external entities.

8.7

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

CVE-2022-46755

Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious end user can edit general client policy for which the user is not authorized.

4.9

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-46677

Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. An authenticated malicious admin user may potentially create a subgroup under a group for which the admin is not authorized.

4.9

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-46678

Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. An authenticated malicious admin user may potentially edit general client policy for which the user is not authorized.

4.9

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-46676

Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. A malicious admin user may potentially disable or delete users under administration and unassigned admins for which the group admin is not authorized.

4.9

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-46675

Wyse Management Suite Repository 3.8 and earlier contain an information disclosure vulnerability in error pages with which an attacker may potentially discover the internal structure of the application and its components and use this information for further vulnerability research.

5.3

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

 

**Third-party Component**

**CVEs**

**More information**

Swagger-UI (DOMPurify)

CVE-2020-26870

See NVD (http://nvd.nist.gov/) for individual scores for each CVE.

OpenJDK

CVE-2022-34169

Gson

CVE-2022-25647

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-46754

Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. An authenticated malicious admin user may potentially access certain pro license features for which this admin is not authorized in order to configure user controlled external entities.

8.7

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

CVE-2022-46755

Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious end user can edit general client policy for which the user is not authorized.

4.9

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-46677

Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. An authenticated malicious admin user may potentially create a subgroup under a group for which the admin is not authorized.

4.9

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-46678

Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. An authenticated malicious admin user may potentially edit general client policy for which the user is not authorized.

4.9

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-46676

Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. A malicious admin user may potentially disable or delete users under administration and unassigned admins for which the group admin is not authorized.

4.9

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-46675

Wyse Management Suite Repository 3.8 and earlier contain an information disclosure vulnerability in error pages with which an attacker may potentially discover the internal structure of the application and its components and use this information for further vulnerability research.

5.3

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

 

**Third-party Component**

**CVEs**

**More information**

Swagger-UI (DOMPurify)

CVE-2020-26870

See NVD (http://nvd.nist.gov/) for individual scores for each CVE.

OpenJDK

CVE-2022-34169

Gson

CVE-2022-25647

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

Dell Wyse Management Suite

3.8 and earlier

4.0

Dell Wyse Management Suite

Dell Wyse Management Suite Repository

3.8 and earlier

4.0

Dell Wyse Management Suite Repository

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

Dell Wyse Management Suite

3.8 and earlier

4.0

Dell Wyse Management Suite

Dell Wyse Management Suite Repository

3.8 and earlier

4.0

Dell Wyse Management Suite Repository

**Kiitokset**

Dell Technologies would like to thank Marius Gabriel Mihai for reporting CVE-2020-26870.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-12-19

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

03 tammik. 2023

CVE-2022-46755: DSA-2022-329: Dell Wyse Management Suite Security Update for Multiple Vulnerabilities

PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user could potentially exploit this vulnerability, to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server.

**Vaikutus**

High

**Tiedot**

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34446

PowerPath Management Appliance with versions 3.3 and 3.2\* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (such as, of role Monitoring) may potentially exploit this issue and gain access to sensitive information and modify the configuration.

8.8

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-34447

PowerPath Management Appliance with versions 3.3, 3.2\*, 3.1, and 3.0\* contains operating system Command Injection vulnerability. An authenticated remote attacker with administrative privileges may potentially exploit the issue and perform commands on the system as the root user.

7.2

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-34448

PowerPath Management Appliance with versions 3.3, 3.2\*, 3.1, and 3.0\* contains a Cross-site Request Forgery vulnerability. An unauthenticated nonprivileged user may potentially exploit the issue and perform any privileged state-changing actions. 

8.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-34449

PowerPath Management Appliance with versions 3.3 and 3.2\* contains a hard-coded Cryptographic Keys vulnerability. Authenticated admin users may potentially exploit the issue that leads to view and modifying sensitive information that is stored in the application.

6.0

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CVE-2022-34450

PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user may potentially exploit this issue and gain unrestricted control/code execution on the system as root.

6.7

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-34451

PowerPath Management Appliance with versions 3.3, 3.2\*, 3.1, and 3.0\* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user may potentially exploit this vulnerability to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server.

4.8  
 

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N  
 

CVE-2022-34452

PowerPath Management Appliance with versions 3.3, 3.2\*, 3.1, and 3.0\* contains sensitive information disclosure vulnerability. An Authenticated admin user may potentially be able to exploit the issue and view sensitive information that is stored in the logs.

2.7

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

  

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34446

PowerPath Management Appliance with versions 3.3 and 3.2\* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (such as, of role Monitoring) may potentially exploit this issue and gain access to sensitive information and modify the configuration.

8.8

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-34447

PowerPath Management Appliance with versions 3.3, 3.2\*, 3.1, and 3.0\* contains operating system Command Injection vulnerability. An authenticated remote attacker with administrative privileges may potentially exploit the issue and perform commands on the system as the root user.

7.2

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-34448

PowerPath Management Appliance with versions 3.3, 3.2\*, 3.1, and 3.0\* contains a Cross-site Request Forgery vulnerability. An unauthenticated nonprivileged user may potentially exploit the issue and perform any privileged state-changing actions. 

8.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-34449

PowerPath Management Appliance with versions 3.3 and 3.2\* contains a hard-coded Cryptographic Keys vulnerability. Authenticated admin users may potentially exploit the issue that leads to view and modifying sensitive information that is stored in the application.

6.0

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CVE-2022-34450

PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user may potentially exploit this issue and gain unrestricted control/code execution on the system as root.

6.7

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-34451

PowerPath Management Appliance with versions 3.3, 3.2\*, 3.1, and 3.0\* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user may potentially exploit this vulnerability to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server.

4.8  
 

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N  
 

CVE-2022-34452

PowerPath Management Appliance with versions 3.3, 3.2\*, 3.1, and 3.0\* contains sensitive information disclosure vulnerability. An Authenticated admin user may potentially be able to exploit the issue and view sensitive information that is stored in the logs.

2.7

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

  

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**CVEs Addressed** 

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2022-34447

PowerPath Management Appliance

3.3, 3.2\*, 3.1 & 3.0\*

3.4

https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers

CVE-2022-34448

CVE-2022-34451

CVE-2022-34452

CVE-2022-34446

PowerPath Management Appliance

3.3 & 3.2\*

3.4

https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers

CVE-2022-34449

CVE-2022-34450

PowerPath Management Appliance

   3.3

  3.4

https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers  
 

**CVEs Addressed** 

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2022-34447

PowerPath Management Appliance

3.3, 3.2\*, 3.1 & 3.0\*

3.4

https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers

CVE-2022-34448

CVE-2022-34451

CVE-2022-34452

CVE-2022-34446

PowerPath Management Appliance

3.3 & 3.2\*

3.4

https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers

CVE-2022-34449

CVE-2022-34450

PowerPath Management Appliance

   3.3

  3.4

https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers  
 

**Versiohistoria**

Revision

Date

Description

1.0

2022-11-15

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

15 marrask. 2022

CVE-2022-34451: DSA-2022-283: PowerPath Management Appliance Security Update for Multiple Security Vulnerabilities

Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service.

**Vaikutus**

Medium

**Tiedot**

**Proprietary Code CVE**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34404

Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service.

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

**Proprietary Code CVE**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34404

Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service.

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**CVE(s) Addressed**

**Product**

**Affected Version(s)**

**Updated Version(s)**

**Link to Update**

CVE-2022-34404

DSU  
 

Versions prior to 2.0.1.0  
 

2.0.1.0

https://www.dell.com/support/home/drivers/driversdetails?driverid=8d3x6

**CVE(s) Addressed**

**Product**

**Affected Version(s)**

**Updated Version(s)**

**Link to Update**

CVE-2022-34404

DSU  
 

Versions prior to 2.0.1.0  
 

2.0.1.0

https://www.dell.com/support/home/drivers/driversdetails?driverid=8d3x6

**Keinoja ongelman kiertämiseen tai lieventämiseen**

None.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-09-26

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Dell System Update v1.3, Dell System update v1.3.1, Dell System Update v1.1, Dell System Update v1.2, Product Security Information, Dell System update v1.4.0

26 syysk. 2022

CVE-2022-34404: DSA-2022-254: Dell System Update (DSU) Security Update for a Self-Signed Certificate Vulnerability

Dell PowerEdge BIOS contains an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

**Artikkelin sisältö**

**Vaikutus**

High

**Tiedot**

**Proprietary Code CVEs**

**Description**

**CVSSBase Score**

**CVSS Vector String**

CVE-2022-34377

Dell PowerEdge BIOS contains an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

1.9

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

CVE-2022-34376

Dell PowerEdge BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM.

3.9

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L

CVE-2022-34406

Dell PowerEdge BIOS contains an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-34407

CVE-2022-34408

CVE-2022-34409

CVE-2022-34410

CVE-2022-34411

CVE-2022-34412

CVE-2022-34413

CVE-2022-34414

CVE-2022-34415

CVE-2022-34416

CVE-2022-34417

CVE-2022-34418

CVE-2022-34419

CVE-2022-34420

CVE-2022-34421

CVE-2022-34422

CVE-2022-34423

**Proprietary Code CVEs**

**Description**

**CVSSBase Score**

**CVSS Vector String**

CVE-2022-34377

Dell PowerEdge BIOS contains an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

1.9

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

CVE-2022-34376

Dell PowerEdge BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM.

3.9

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L

CVE-2022-34406

Dell PowerEdge BIOS contains an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-34407

CVE-2022-34408

CVE-2022-34409

CVE-2022-34410

CVE-2022-34411

CVE-2022-34412

CVE-2022-34413

CVE-2022-34414

CVE-2022-34415

CVE-2022-34416

CVE-2022-34417

CVE-2022-34418

CVE-2022-34419

CVE-2022-34420

CVE-2022-34421

CVE-2022-34422

CVE-2022-34423

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Product**

**Affected Versions**

**Updated Versions or later**

**Link to Update**

R6515

Before 2.9.3

2.9.3

R6515 Drivers & Downloads

R7515

Before 2.9.3

2.9.3

R7515 Drivers & Downloads

R6525

Before 2.9.3

2.9.3

R6525 Drivers & Downloads

R7525

Before 2.9.3

2.9.3

R7525 Drivers & Downloads

XE8545

Before 2.9.4

2.9.4

XE8545 Drivers & Downloads

C6525

Before 2.9.4

2.9.4

C6525 Drivers & Downloads

R6415

Before 1.19.0

1.19.0

R6415 Drivers & Downloads

R7415

Before 1.19.0

1.19.0

R7415 Drivers & Downloads

R7425

Before 1.19.0

1.19.0

R7425 Drivers & Downloads

R750

Before 1.8.2

1.8.2

R750 Drivers & Downloads

R750XA

Before 1.8.2

1.8.2

R750XA Drivers & Downloads

R650

Before 1.8.2

1.8.2

R650 Drivers & Downloads

C6520

Before 1.8.2

1.8.2

C6520 Drivers & Downloads

MX750c

Before 1.8.2

1.8.2

MX750c Drivers & Downloads

R450

Before 1.8.2

1.8.2

R450 Drivers & Downloads

R550

Before 1.8.2

1.8.2

R550 Drivers & Downloads

R650xs

Before 1.8.2

1.8.2

R650xs Drivers & Downloads

R750xs

Before 1.8.2

1.8.2

R750xs Drivers & Downloads

T550

Before 1.8.2

1.8.2

T550 Drivers & Downloads

XR11

Before 1.8.2

1.8.2

XR11 Drivers & Downloads

XR12

Before 1.8.2

1.8.2

XR12 Drivers & Downloads

R250

Before 1.4.2

1.4.2

R250 Drivers & Downloads

R350

Before 1.4.2

1.4.2

R350 Drivers & Downloads

T150

Before 1.4.2

1.4.2

T150 Drivers & Downloads

T350

Before 1.4.2

1.4.2

T350 Drivers & Downloads

R740

Before 2.16.1

2.16.1

R740 Drivers & Downloads

R740XD

Before 2.16.1

2.16.1

R740XD Drivers & Downloads

R640

Before 2.16.1

2.16.1

R640 Drivers & Downloads

R940

Before 2.16.1

2.16.1

R940 Drivers & Downloads

R540

Before 2.16.1

2.16.1

R540 Drivers & Downloads

R440

Before 2.16.1

2.16.1

R440 Drivers & Downloads

T440

Before 2.16.1

2.16.1

T440 Drivers & Downloads

XR2

Before 2.16.1

2.16.1

XR2 Drivers & Downloads

R740XD2

Before 2.16.1

2.16.1

R740XD2 Drivers & Downloads

R840

Before 2.16.1

2.16.1

R840 Drivers & Downloads

R940XA

Before 2.16.1

2.16.1

R940XA Drivers & Downloads

T640

Before 2.16.1

2.16.1

T640 Drivers & Downloads

C6420

Before 2.16.1

2.16.1

C6420 Drivers & Downloads

FC640

Before 2.16.1

2.16.1

FC640 Drivers & Downloads

M640

Before 2.16.1

2.16.1

M640 Drivers & Downloads

M640P

Before 2.16.1

2.16.1

M640P Drivers & Downloads

MX740C

Before 2.16.1

2.16.1

MX740C Drivers & Downloads

MX840C

Before 2.16.1

2.16.1

MX840C Drivers & Downloads

C4140

Before 2.16.1

2.16.1

C4140 Drivers & Downloads

DSS8440

Before 2.16.1

2.16.1

DSS8440 Drivers & Downloads

T140

Before 2.11.1

2.11.1

T140 Drivers & Downloads

T340

Before 2.11.1

2.11.1

T340 Drivers & Downloads

R240

Before 2.11.1

2.11.1

R240 Drivers & Downloads

R340

Before 2.11.1

2.11.1

R340 Drivers & Downloads

XE2420

Before 2.16.0

2.16.0

XE2420 Drivers & Downloads

XE7420

Before 2.16.1

2.16.1

XE7420 Drivers & Downloads

XE7440

Before 2.16.1

2.16.1

XE7440 Drivers & Downloads

R730

Before 2.16.0

2.16.0

R730 Drivers & Downloads

R730xd

Before 2.16.0

2.16.0

R730XD Drivers & Downloads

R630

Before 2.16.0

2.16.0

R630 Drivers & Downloads

C4130

Before 2.16.0

2.16.0

C4130 Drivers & Downloads  

R930

Before 2.16.0

2.11.0

R930 Drivers & Downloads

M630

Before 2.16.0

2.16.0

M630 Drivers & Downloads

M630p

Before 2.16.0

2.16.0

M630P Drivers & Downloads

FC630

Before 2.16.0

2.16.0

FC630 Drivers & Downloads

FC430

Before 2.16.0

2.16.0

FC430 Drivers & Downloads

M830

Before 2.16.0

2.16.0

M830 Drivers & Downloads

M830p

Before 2.16.0

2.16.0

M830P Drivers & Downloads

FC830

Before 2.16.0

2.16.0

FC830 Drivers & Downloads

T630

Before 2.16.0

2.16.0

T630 Drivers & Downloads

R530

Before 2.16.0

2.16.0

R530 Drivers & Downloads

R430

Before 2.16.0

2.16.0

R430 Drivers & Downloads

T430

Before 2.16.0

2.16.0

T430 Drivers & Downloads

R830

Before 1.16.0

1.16.0

R830 Drivers & Downloads

C6320

Before 2.16.0

2.16.0

C6320 Drivers & Downloads

T130

Before 2.16.0 

2.16.0

T130 Drivers & Downloads

R230

Before 2.16.0 

2.16.0

R230 Drivers & Downloads

T330

Before 2.16.0 

2.16.0

T330 Drivers & Downloads

R330

Before 2.16.0 

2.16.0

R330 Drivers & Downloads

NX430

Before 2.16.0

2.16.0

NX430 Drivers & Downloads

NX3230

Before 2.16.0

2.16.0

NX3230 Drivers & Downloads

NX3330

Before 2.16.0

2.16.0

NX3330 Drivers & Downloads

NX440

Before 2.11.1

2.11.1

NX440 Drivers & Downloads

NX3240

Before 2.16.1

2.16.1

NX3240 Drivers & Downloads

NX3340

Before 2.16.1

2.16.1

NX3340 Drivers & Downloads

**Note:**  
For those customers that enable SGX function on R750, R750XA, R650, C6520, MX750c, R450, R550, R650xs, R750xs, T550, XR11, or XR12, do not roll back the BIOS to older versions. An issue that is discovered within Intel microcode may cause TCB recovery failure and result in a system to stop responding. By default, SGX function is disabled. To determine if SGX function is enabled:

*   From the **BIOS - Systems Utilities** screen, select System **Configuration** \> **BIOS/Platform Configuration (RBSI)** > **System Options** > **Processor Options** > **Intel Software Guard Extensions (SGX)** and press **Enter**.
*   If it is set to **Enabled or software controlled**, then the SGX function is enabled.

**Product**

**Affected Versions**

**Updated Versions or later**

**Link to Update**

R6515

Before 2.9.3

2.9.3

R6515 Drivers & Downloads

R7515

Before 2.9.3

2.9.3

R7515 Drivers & Downloads

R6525

Before 2.9.3

2.9.3

R6525 Drivers & Downloads

R7525

Before 2.9.3

2.9.3

R7525 Drivers & Downloads

XE8545

Before 2.9.4

2.9.4

XE8545 Drivers & Downloads

C6525

Before 2.9.4

2.9.4

C6525 Drivers & Downloads

R6415

Before 1.19.0

1.19.0

R6415 Drivers & Downloads

R7415

Before 1.19.0

1.19.0

R7415 Drivers & Downloads

R7425

Before 1.19.0

1.19.0

R7425 Drivers & Downloads

R750

Before 1.8.2

1.8.2

R750 Drivers & Downloads

R750XA

Before 1.8.2

1.8.2

R750XA Drivers & Downloads

R650

Before 1.8.2

1.8.2

R650 Drivers & Downloads

C6520

Before 1.8.2

1.8.2

C6520 Drivers & Downloads

MX750c

Before 1.8.2

1.8.2

MX750c Drivers & Downloads

R450

Before 1.8.2

1.8.2

R450 Drivers & Downloads

R550

Before 1.8.2

1.8.2

R550 Drivers & Downloads

R650xs

Before 1.8.2

1.8.2

R650xs Drivers & Downloads

R750xs

Before 1.8.2

1.8.2

R750xs Drivers & Downloads

T550

Before 1.8.2

1.8.2

T550 Drivers & Downloads

XR11

Before 1.8.2

1.8.2

XR11 Drivers & Downloads

XR12

Before 1.8.2

1.8.2

XR12 Drivers & Downloads

R250

Before 1.4.2

1.4.2

R250 Drivers & Downloads

R350

Before 1.4.2

1.4.2

R350 Drivers & Downloads

T150

Before 1.4.2

1.4.2

T150 Drivers & Downloads

T350

Before 1.4.2

1.4.2

T350 Drivers & Downloads

R740

Before 2.16.1

2.16.1

R740 Drivers & Downloads

R740XD

Before 2.16.1

2.16.1

R740XD Drivers & Downloads

R640

Before 2.16.1

2.16.1

R640 Drivers & Downloads

R940

Before 2.16.1

2.16.1

R940 Drivers & Downloads

R540

Before 2.16.1

2.16.1

R540 Drivers & Downloads

R440

Before 2.16.1

2.16.1

R440 Drivers & Downloads

T440

Before 2.16.1

2.16.1

T440 Drivers & Downloads

XR2

Before 2.16.1

2.16.1

XR2 Drivers & Downloads

R740XD2

Before 2.16.1

2.16.1

R740XD2 Drivers & Downloads

R840

Before 2.16.1

2.16.1

R840 Drivers & Downloads

R940XA

Before 2.16.1

2.16.1

R940XA Drivers & Downloads

T640

Before 2.16.1

2.16.1

T640 Drivers & Downloads

C6420

Before 2.16.1

2.16.1

C6420 Drivers & Downloads

FC640

Before 2.16.1

2.16.1

FC640 Drivers & Downloads

M640

Before 2.16.1

2.16.1

M640 Drivers & Downloads

M640P

Before 2.16.1

2.16.1

M640P Drivers & Downloads

MX740C

Before 2.16.1

2.16.1

MX740C Drivers & Downloads

MX840C

Before 2.16.1

2.16.1

MX840C Drivers & Downloads

C4140

Before 2.16.1

2.16.1

C4140 Drivers & Downloads

DSS8440

Before 2.16.1

2.16.1

DSS8440 Drivers & Downloads

T140

Before 2.11.1

2.11.1

T140 Drivers & Downloads

T340

Before 2.11.1

2.11.1

T340 Drivers & Downloads

R240

Before 2.11.1

2.11.1

R240 Drivers & Downloads

R340

Before 2.11.1

2.11.1

R340 Drivers & Downloads

XE2420

Before 2.16.0

2.16.0

XE2420 Drivers & Downloads

XE7420

Before 2.16.1

2.16.1

XE7420 Drivers & Downloads

XE7440

Before 2.16.1

2.16.1

XE7440 Drivers & Downloads

R730

Before 2.16.0

2.16.0

R730 Drivers & Downloads

R730xd

Before 2.16.0

2.16.0

R730XD Drivers & Downloads

R630

Before 2.16.0

2.16.0

R630 Drivers & Downloads

C4130

Before 2.16.0

2.16.0

C4130 Drivers & Downloads  

R930

Before 2.16.0

2.11.0

R930 Drivers & Downloads

M630

Before 2.16.0

2.16.0

M630 Drivers & Downloads

M630p

Before 2.16.0

2.16.0

M630P Drivers & Downloads

FC630

Before 2.16.0

2.16.0

FC630 Drivers & Downloads

FC430

Before 2.16.0

2.16.0

FC430 Drivers & Downloads

M830

Before 2.16.0

2.16.0

M830 Drivers & Downloads

M830p

Before 2.16.0

2.16.0

M830P Drivers & Downloads

FC830

Before 2.16.0

2.16.0

FC830 Drivers & Downloads

T630

Before 2.16.0

2.16.0

T630 Drivers & Downloads

R530

Before 2.16.0

2.16.0

R530 Drivers & Downloads

R430

Before 2.16.0

2.16.0

R430 Drivers & Downloads

T430

Before 2.16.0

2.16.0

T430 Drivers & Downloads

R830

Before 1.16.0

1.16.0

R830 Drivers & Downloads

C6320

Before 2.16.0

2.16.0

C6320 Drivers & Downloads

T130

Before 2.16.0 

2.16.0

T130 Drivers & Downloads

R230

Before 2.16.0 

2.16.0

R230 Drivers & Downloads

T330

Before 2.16.0 

2.16.0

T330 Drivers & Downloads

R330

Before 2.16.0 

2.16.0

R330 Drivers & Downloads

NX430

Before 2.16.0

2.16.0

NX430 Drivers & Downloads

NX3230

Before 2.16.0

2.16.0

NX3230 Drivers & Downloads

NX3330

Before 2.16.0

2.16.0

NX3330 Drivers & Downloads

NX440

Before 2.11.1

2.11.1

NX440 Drivers & Downloads

NX3240

Before 2.16.1

2.16.1

NX3240 Drivers & Downloads

NX3340

Before 2.16.1

2.16.1

NX3340 Drivers & Downloads

**Note:**  
For those customers that enable SGX function on R750, R750XA, R650, C6520, MX750c, R450, R550, R650xs, R750xs, T550, XR11, or XR12, do not roll back the BIOS to older versions. An issue that is discovered within Intel microcode may cause TCB recovery failure and result in a system to stop responding. By default, SGX function is disabled. To determine if SGX function is enabled:

*   From the **BIOS - Systems Utilities** screen, select System **Configuration** \> **BIOS/Platform Configuration (RBSI)** > **System Options** > **Processor Options** > **Intel Software Guard Extensions (SGX)** and press **Enter**.
*   If it is set to **Enabled or software controlled**, then the SGX function is enabled.

**Kiitokset**

CVE-2022-34377,CVE-2022-34376: Dell would like to thank Yngwei for reporting this issue.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-12-15

Initial release

1.1

2023-02-10

Add PowerVault NX models.

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

**Artikkelin ominaisuudet**

**Tuote, johon asia vaikuttaa**

DSS 8440, PowerEdge XR2, PowerEdge C4130, PowerEdge C4140, PowerEdge C6320, PowerEdge C6420, PowerEdge C6520, PowerEdge C6525, PowerEdge FC430, PowerEdge FC630, PowerEdge FC640, PowerEdge FC830, PowerEdge M630, PowerEdge M630 (for PE VRTX) , PowerEdge M640, PowerEdge M640 (for PE VRTX), PowerEdge M830, PowerEdge M830 (for PE VRTX), PowerEdge MX740c, PowerEdge MX750c, PowerEdge MX840c, PowerEdge R230, PowerEdge R250, PowerEdge R330, PowerEdge R350, PowerEdge R430, PowerEdge R440, PowerEdge R450, PowerEdge R530, PowerEdge R540, PowerEdge R550, PowerEdge R630, PowerEdge R640, PowerEdge R6415, PowerEdge R650, PowerEdge R650xs, PowerEdge R6515, PowerEdge R6525, PowerEdge R730, PowerEdge R730xd, PowerEdge R740, PowerEdge R740xd, PowerEdge R740xd2, PowerEdge R7415, PowerEdge R7425, PowerEdge R750, PowerEdge R750xa, PowerEdge R750xs, PowerEdge R7515, PowerEdge R830, PowerEdge R840, PowerEdge R930, PowerEdge R940, PowerEdge R940xa, PowerEdge T130, PowerEdge T140, PowerEdge T150, PowerEdge T330, PowerEdge T340, PowerEdge T350, PowerEdge T430, PowerEdge T440, PowerEdge T550, PowerEdge T630, PowerEdge T640, PowerEdge XE2420, PowerEdge XE7420, PowerEdge XE7440, PowerEdge XE8545, PowerEdge XR11, PowerEdge XR12, PowerVault NX3000, PowerVault NX3100, PowerVault NX3200, PowerVault NX3300, PowerVault NX3500, PowerVault NX3600, PowerVault NX3610, Powervault NX400, Product Security Information ...

**Edellinen julkaisupäivä**

10 helmik. 2023

**Versio**

2

**Artikkelin tyyppi**

Dell Security Advisory

CVE-2022-34377: DSA-2022-204: Dell PowerEdge Improper SMM Communication Buffer Verification Vulnerability

Dell BSAFE SSL-J when used in debug mode can reveal unnecessary information. An attacker could potentially exploit this vulnerability and have access to private information.

**Vaikutus**

Medium

**Tiedot**

Only customers with active BSAFE maintenance contracts can receive details about the vulnerabilities. Public disclosure of the vulnerability details will be shared later.

Only customers with active BSAFE maintenance contracts can receive details about the vulnerabilities. Public disclosure of the vulnerability details will be shared later.

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Affected Products:**  
Dell BSAFE SSL-J version 7.0 and all versions before 6.5.

**Remediation:**  
The following releases address this vulnerability:  
Dell BSAFE SSL-J 6.5 and Dell BSAFE SSL-J 7.1

Dell Technologies recommends all customers upgrade at the earliest opportunity.

**Affected Products:**  
Dell BSAFE SSL-J version 7.0 and all versions before 6.5.

**Remediation:**  
The following releases address this vulnerability:  
Dell BSAFE SSL-J 6.5 and Dell BSAFE SSL-J 7.1

Dell Technologies recommends all customers upgrade at the earliest opportunity.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-09-12

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

12 syysk. 2022

Tag

#dell