ESB-2017.2903.2 - UPDATE [Appliance] Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products: Multiple vulnerabilities 2017-12-06

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2017.2903.2
        Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products
                              6 December 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           SCALANCE
                   SIMATIC
                   RUGGEDCOM
                   SINAMICS
Publisher:         Siemens
Operating System:  Network Appliance
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
                   Denial of Service      -- Remote/Unauthenticated
Resolution:        Mitigation
CVE Names:         CVE-2017-13088 CVE-2017-13087 CVE-2017-13086
                   CVE-2017-13084 CVE-2017-13082 CVE-2017-13081
                   CVE-2017-13080 CVE-2017-13079 CVE-2017-13078
                   CVE-2017-13077  

Reference:         ESB-2017.2600
                   ESB-2017.2599
                   ESB-2017.2601.3

Original Bulletin: 
   https://ics-cert.us-cert.gov/advisories/ICSA-17-318-01

Revision History:  December  6 2017:  	This updated advisory contains 
					mitigation details for security 
					features vulnerabilities in the 
					Siemens SCALANCE, SIMATIC, RUGGEDCOM, 
					and SINAMICS Products.
                   November 15 2017: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

Advisory (ICSA-17-318-01)

Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products

Original release date: November 14, 2017

Legal Notice

All information products included in http://ics-cert.us-cert.gov are
provided "as is" for informational purposes only. The Department of Homeland
Security (DHS) does not provide any warranties of any kind regarding any
information contained within. DHS does not endorse any commercial product or
service, referenced in this product or otherwise. Further dissemination of this
product is governed by the Traffic Light Protocol (TLP) marking in the header.
For more information about TLP, see http://www.us-cert.gov/tlp/.

- -------------------------------------------------------------------------------


CVSS v3 6.8

Vendor: Siemens

Equipment: SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products

Vulnerabilities: Security Features

AFFECTED PRODUCTS

Siemens reports that the key reinstallation attacks (KRACK) potentially affect
the following Siemens industrial products:

  * SCALANCE W1750D: All versions,
  * SCALANCE WLC711: All versions,
  * SCALANCE WLC712: All versions,
  * SCALANCE W-700 (IEEE 802.11n): All versions,
  * SCALANCE W-700 (IEEE 802.11a/b/g): All versions,
  * SIMATIC IWLAN-PB/LINK: All versions,
  * RUGGEDCOM RX1400 with WLAN interface: All versions,
  * RUGGEDCOM RS9xxW: All versions,
  * SIMATIC Mobile Panel 277(F) IWLAN: All versions,
  * SIMATIC ET200 PRO IM154-6 PN IWLAN: All versions, and
  * SINAMICS V20 Smart Access Module: All versions.

IMPACT

Successful exploitation of these vulnerabilities could potentially allow an
attacker within the radio range of the wireless network to decrypt, replay, or
inject forged network packets into the wireless communication.

MITIGATION

SCALANCE W1750D devices are not vulnerable in the default configuration. Only
users who enable the "Mesh" or "WiFi uplink" functionality are affected by the
vulnerabilities. Disabling these functionalities will completely mitigate the
vulnerabilities.

SCALANCE WLC711 and WLC712 can deactivate IEEE 802.11r, "MeshConnect", and
"Client Bridge Mode" to reduce the risk, provided these modes have been
activated and are not required for the operation of the wireless environment.
All three functions are turned off by default.

SCALANCE W-700 standalone Access Points, RUGGEDCOM RX1400 and RS9xxW, are not
vulnerable if operated in Access Point mode.

SCALANCE W-700 standalone devices, SIMATIC Mobile Panel 277F IWLAN, and SIMATIC
ET200 WLAN, are not affected if the iPCF, iPCF-MC, or iPCF-HT features are
enabled.

For the remaining affected products or if the mitigations outlined previously
cannot be implemented, Siemens recommends the following mitigations in the
meantime:

  * Ensure multiple layers of security. Do not depend on the security of WPA2
    alone.
  * Use WPA2-CCMP (AES) instead of WPA2-TKIP or WPA-GCMP, if supported by the
    WLAN clients, to reduce the risk of potential attacks.
  * Apply defense-in-depth.

https://www.siemens.com/cert/operational-guidelines-industrial-security

For more information on this vulnerability and more detailed mitigation
instructions, please see Siemens Security Advisory SSA-901333 at the following
location:

http://www.siemens.com/cert/en/cert-security-advisories.htm

ICS-CERT reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

ICS-CERT also provides a section for control systems security recommended
practices on the ICS-CERT web page. Several recommended practices are available
for reading and download, including Improving Industrial Control Systems
Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available
in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber
Intrusion Detection and Mitigation Strategies, that is available for download
from the ICS-CERT web site.

Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to ICS-CERT for
tracking and correlation against other incidents.

These vulnerabilities have been publicly disclosed. These vulnerabilities are
exploitable from an adjacent network. High skill level is needed to exploit.

VULNERABILITY OVERVIEW

SECURITY FEATURES CWE-254

Wi-Fi protected access (WPA and WPA2) allows reinstallation of the pairwise key
in the four-way handshake.

CVE-2017-13077 has been assigned to this vulnerability. A CVSS v3 base score of
4.2 has been calculated; the CVSS vector string is
(AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

SECURITY FEATURES CWE-254

Wi-Fi protected access (WPA and WPA2) allows reinstallation of the group
temporal key (GTK) during the four-way handshake, allowing an attacker within
radio range to replay frames from access points to clients.

CVE-2017-13078 has been assigned to this vulnerability. A CVSS v3 base score of
4.2 has been calculated; the CVSS vector string is
(AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

SECURITY FEATURES CWE-254

Wi-Fi protected access (WPA and WPA2) that supports IEEE 802.11w allows
reinstallation of the integrity group temporal key (IGTK) during the four-way
handshake, allowing an attacker within radio range to spoof frames from access
points to clients.

CVE-2017-13079 has been assigned to this vulnerability. A CVSS v3 base score of
5.9 has been calculated; the CVSS vector string is
(AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N).

SECURITY FEATURES CWE-254

Wi-Fi protected access (WPA and WPA2) allows reinstallation of the group
temporal key (GTK) during the group key handshake, allowing an attacker within
radio range to replay frames from access points to clients.

CVE-2017-13080 has been assigned to this vulnerability. A CVSS v3 base score of
4.2 has been calculated; the CVSS vector string is
(AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

SECURITY FEATURES CWE-254

Wi-Fi protected access (WPA and WPA2) that supports IEEE 802.11w allows
reinstallation of the integrity group temporal key (IGTK) during the group key
handshake, allowing an attacker within radio range to spoof frames from access
points to clients.

CVE-2017-13081 has been assigned to this vulnerability. A CVSS v3 base score of
4.2 has been calculated; the CVSS vector string is
(AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

SECURITY FEATURES CWE-254

Wi-Fi protected access (WPA and WPA2) that supports IEEE 802.11r allows
reinstallation of the pairwise transient key (PTK) temporal key (TK) during the
fast BSS transmission (FT) handshake, allowing an attacker within radio range
to replay, decrypt, or spoof frames.

CVE-2017-13082 has been assigned to this vulnerability. A CVSS v3 base score of
6.8 has been calculated; the CVSS vector string is
(AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

SECURITY FEATURES CWE-254

Wi-Fi protected access (WPA and WPA2) allows reinstallation of the
station-to-station-link (STSL) transient key (STK) during the PeerKey
handshake, allowing an attacker within radio range to replay, decrypt, or spoof
frames.

CVE-2017-13084 has been assigned to this vulnerability. A CVSS v3 base score of
6.8 has been calculated; the CVSS vector string is
(AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

SECURITY FEATURES CWE-254

Wi-Fi protected access (WPA and WPA2) allows reinstallation of the tunneled
direct-link setup (TDLS) peer key (TPK) during the TDLS handshake, allowing an
attacker within radio range to replay, decrypt, or spoof frames.

CVE-2017-13086 has been assigned to this vulnerability. A CVSS v3 base score of
6.8 has been calculated; the CVSS vector string is
(AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

SECURITY FEATURES CWE-254

Wi-Fi protected access (WPA and WPA2) that support 802.11v allows
reinstallation of the group temporal key (GTK) when processing a wireless
network management (WNM) sleep mode response frame, allowing an attacker within
radio range to replay frames from access points to clients.

CVE-2017-13087 has been assigned to this vulnerability. A CVSS v3 base score of
4.2 has been calculated; the CVSS vector string is
(AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

SECURITY FEATURES CWE-254

Wi-Fi protected access (WPA and WPA2) that support 802.11v allows
reinstallation of the integrity group temporal key (IGTK) when processing a
wireless network management (WNM) sleep mode response frame, allowing an
attacker within radio range to replay frames from access points to clients.

CVE-2017-13088 has been assigned to this vulnerability. A CVSS v3 base score of
4.2 has been calculated; the CVSS vector string is
(AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

RESEARCHER

Mathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium, discovered
these vulnerabilities.

BACKGROUND

Critical Infrastructure Sectors: Chemical, Energy, Food and Agriculture,
Healthcare and Public Health, Transportation Systems, and Water and Wastewater
Systems

Countries/Areas Deployed: Worldwide

Company Headquarters Location: Germany


Contact Information

For any questions related to this report, please contact ICS-CERT at:

Email: ics-cert@hq.dhs.gov
Toll Free: 1-877-776-7585
International Callers: (208) 526-0900

For industrial control systems security information and incident reporting:
http://ics-cert.us-cert.gov

US-CERT is part of the Department of Homeland Security.

- -----------------------------------------------------------------------------

Advisory (ICSA-17-318-01A)

Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products (Update A)

Original release date: November 14, 2017 | Last revised: December 05, 2017

All information products included in http://ics-cert.us-cert.gov are provided
"as is" for informational purposes only. The Department of Homeland Security 
(DHS) does not provide any warranties of any kind regarding any information 
contained within. DHS does not endorse any commercial product or service, 
referenced in this product or otherwise. Further dissemination of this product
is governed by the Traffic Light Protocol (TLP) marking in the header. For 
more information about TLP, see http://www.us-cert.gov/tlp/.

CVSS v3 6.8

Vendor: Siemens

Equipment: SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products

Vulnerabilities: Security Features

UPDATE INFORMATION

This updated advisory is a follow-up to the original advisory titled 
ICSA-17-318-01 Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products 
that was published November 14, 2017, on the NCCIC/ICS-CERT web site.

AFFECTED PRODUCTS

- --------- Begin Update A Part 1 of 2 --------

Siemens reports that the key reinstallation attacks (KRACK) potentially affect
the following Siemens industrial products:

SCALANCE W1750D: All versions,

SCALANCE WLC711: All versions,

SCALANCE WLC712: All versions,

SCALANCE W-700 (IEEE 802.11n): All versions prior to V6.2.1,

SCALANCE W-700 (IEEE 802.11a/b/g): All versions,

SIMATIC IWLAN-PB/LINK: All versions,

RUGGEDCOM RX1400 with WLAN interface: All versions,

RUGGEDCOM RS9xxW: All versions,

SIMATIC Mobile Panel 277(F) IWLAN: All versions,

SIMATIC ET200 PRO IM154-6 PN IWLAN: All versions, and

SINAMICS V20 Smart Access Module: All versions.

- --------- End Update A Part 1 of 2 ----------

IMPACT

Successful exploitation of these vulnerabilities could potentially allow an 
attacker within the radio range of the wireless network to decrypt, replay, or
inject forged network packets into the wireless communication.

MITIGATION

- --------- Begin Update A Part 2 of 2 --------

Siemens has provided the following update to address the vulnerabilities in 
the affected product:

SCALANCE W-700 (IEEE 802.11n): V6.2.1:

https://support.industry.siemens.com/cs/ww/en/view/109752596 (link is 
external)

- --------- End Update A Part 2 of 2 ----------

SCALANCE W1750D devices are not vulnerable in the default configuration. Only
users who enable the Mesh or WiFi uplink functionality are affected by the 
vulnerabilities. Disabling these functionalities will completely mitigate the
vulnerabilities.

SCALANCE WLC711 and WLC712 can deactivate IEEE 802.11r, MeshConnect, and 
Client Bridge Mode to reduce the risk, provided these modes have been 
activated and are not required for the operation of the wireless environment.
All three functions are turned off by default.

SCALANCE W-700 standalone Access Points, RUGGEDCOM RX1400 and RS9xxW, are not
vulnerable if operated in Access Point mode.

SCALANCE W-700 standalone devices, SIMATIC Mobile Panel 277F IWLAN, and 
SIMATIC ET200 WLAN, are not affected if the iPCF, iPCF-MC, or iPCF-HT features
are enabled.

For the remaining affected products or if the mitigations outlined previously
cannot be implemented, Siemens recommends the following mitigations in the 
meantime:

Ensure multiple layers of security. Do not depend on the security of WPA2 
alone.

Use WPA2-CCMP (AES) instead of WPA2-TKIP or WPA-GCMP, if supported by the WLAN
clients, to reduce the risk of potential attacks.

Apply defense-in-depth.

https://www.siemens.com/cert/operational-guidelines-industrial-security (link
is external)

For more information on this vulnerability and more detailed mitigation 
instructions, please see Siemens Security Advisory SSA-901333 at the following
location:

http://www.siemens.com/cert/en/cert-security-advisories.htm (link is external)

ICS-CERT reminds organizations to perform proper impact analysis and risk 
assessment prior to deploying defensive measures.

ICS-CERT also provides a section for control systems security recommended 
practices on the ICS-CERT web page. Several recommended practices are 
available for reading and download, including Improving Industrial Control 
Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly 
available in the ICSCERT Technical Information Paper, 
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation 
Strategies, that is available for download from the ICS-CERT web site.

Organizations observing any suspected malicious activity should follow their 
established internal procedures and report their findings to ICS-CERT for 
tracking and correlation against other incidents.

These vulnerabilities have been publicly disclosed. These vulnerabilities are
exploitable from an adjacent network. High skill level is needed to exploit.

VULNERABILITY OVERVIEW

SECURITY FEATURES CWE-254

Wi-Fi protected access (WPA and WPA2) allows reinstallation of the pairwise 
key in the four-way handshake.

CVE-2017-13077 has been assigned to this vulnerability. A CVSS v3 base score 
of 4.2 has been calculated; the CVSS vector string is 
(AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

SECURITY FEATURES CWE-254

Wi-Fi protected access (WPA and WPA2) allows reinstallation of the group 
temporal key (GTK) during the four-way handshake, allowing an attacker within
radio range to replay frames from access points to clients.

CVE-2017-13078 has been assigned to this vulnerability. A CVSS v3 base score 
of 4.2 has been calculated; the CVSS vector string is 
(AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

SECURITY FEATURES CWE-254

Wi-Fi protected access (WPA and WPA2) that supports IEEE 802.11w allows 
reinstallation of the integrity group temporal key (IGTK) during the four-way
handshake, allowing an attacker within radio range to spoof frames from access
points to clients.

CVE-2017-13079 has been assigned to this vulnerability. A CVSS v3 base score 
of 5.9 has been calculated; the CVSS vector string is 
(AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N).

SECURITY FEATURES CWE-254

Wi-Fi protected access (WPA and WPA2) allows reinstallation of the group 
temporal key (GTK) during the group key handshake, allowing an attacker within
radio range to replay frames from access points to clients.

CVE-2017-13080 has been assigned to this vulnerability. A CVSS v3 base score 
of 4.2 has been calculated; the CVSS vector string is 
(AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

SECURITY FEATURES CWE-254

Wi-Fi protected access (WPA and WPA2) that supports IEEE 802.11w allows 
reinstallation of the integrity group temporal key (IGTK) during the group key
handshake, allowing an attacker within radio range to spoof frames from access
points to clients.

CVE-2017-13081 has been assigned to this vulnerability. A CVSS v3 base score 
of 4.2 has been calculated; the CVSS vector string is 
(AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

SECURITY FEATURES CWE-254

Wi-Fi protected access (WPA and WPA2) that supports IEEE 802.11r allows 
reinstallation of the pairwise transient key (PTK) temporal key (TK) during 
the fast BSS transmission (FT) handshake, allowing an attacker within radio 
range to replay, decrypt, or spoof frames.

CVE-2017-13082 has been assigned to this vulnerability. A CVSS v3 base score 
of 6.8 has been calculated; the CVSS vector string is 
(AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

SECURITY FEATURES CWE-254

Wi-Fi protected access (WPA and WPA2) allows reinstallation of the 
station-to-station-link (STSL) transient key (STK) during the PeerKey 
handshake, allowing an attacker within radio range to replay, decrypt, or 
spoof frames.

CVE-2017-13084 has been assigned to this vulnerability. A CVSS v3 base score 
of 6.8 has been calculated; the CVSS vector string is 
(AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

SECURITY FEATURES CWE-254

Wi-Fi protected access (WPA and WPA2) allows reinstallation of the tunneled 
direct-link setup (TDLS) peer key (TPK) during the TDLS handshake, allowing an
attacker within radio range to replay, decrypt, or spoof frames.

CVE-2017-13086 has been assigned to this vulnerability. A CVSS v3 base score 
of 6.8 has been calculated; the CVSS vector string is 
(AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

SECURITY FEATURES CWE-254

Wi-Fi protected access (WPA and WPA2) that support 802.11v allows 
reinstallation of the group temporal key (GTK) when processing a wireless 
network management (WNM) sleep mode response frame, allowing an attacker 
within radio range to replay frames from access points to clients.

CVE-2017-13087 has been assigned to this vulnerability. A CVSS v3 base score 
of 4.2 has been calculated; the CVSS vector string is 
(AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

SECURITY FEATURES CWE-254

Wi-Fi protected access (WPA and WPA2) that support 802.11v allows 
reinstallation of the integrity group temporal key (IGTK) when processing a 
wireless network management (WNM) sleep mode response frame, allowing an 
attacker within radio range to replay frames from access points to clients.

CVE-2017-13088 has been assigned to this vulnerability. A CVSS v3 base score 
of 4.2 has been calculated; the CVSS vector string is 
(AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

RESEARCHER

Mathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium, discovered 
these vulnerabilities.

BACKGROUND

Critical Infrastructure Sectors: Chemical, Energy, Food and Agriculture, 
Healthcare and Public Health, Transportation Systems, and Water and Wastewater
Systems

Countries/Areas Deployed: Worldwide

Company Headquarters Location: Germany

Contact Information

For any questions related to this report, please contact the NCCIC at:

Email: NCCICCUSTOMERSERVICE@hq.dhs.gov (link sends e-mail)

Toll Free: 1-888-282-0870

For industrial control systems cybersecurity information: 
http://ics-cert.us-cert.gov

or incident reporting: https://ics-cert.us-cert.gov/Report-Incident?

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWic9Tox+lLeg9Ub1AQgBDw//UC0s4fxXpHBzql1NpTSvoFPI5aAJPfZ9
z8kjgXSUlawGmbA4zv82IS3JVnsFCjTgYfgtGkeefflU82pjMe4+BXeYezpqnbjO
fLbwXu8EFRfRHNqjPe7ZlcqLo9EpxAv2J55c4smvtNctPj+ytxErYqqh9CXS/tKP
Itd0V4VgFQ8Cknio4cT8o3uBv+vi8XNqie9y3VIPRtUpubFEQ2MIAq4eRGxxUS/B
IUUdQwrjvFMgSbv5T8D6BNu5sM1izZ336r8l3giYGC9GcirL8S8WN1Yf+kqhdVDF
0a8T1KT/z+jTHHr/yT9qXnqBQqQWYlb7wL+/Mh5DQBCdMXs/FHjuT/E8VMZsVRty
+A9In8djW4J5r/hGSRCH95nbFOAx3Nwqe/8l6WuaUejVs8pKT/1X3moImWfhZYNP
IMGPZyEcobBSHviL/Qc+7IHQL58IDD0aJhOzvcrn6ISV5wH6wjN7r2ZiBZvkT6gQ
yZs2tgEpqSLGFVq3jrSkKCpeZV1aeZ1EKASgTF64CfsFEbJASj9e/z9nzqXAyssI
CBsiHdOg/vlb8z1PA1k0LCkFCQpHcny8owtlaVQcPm8pnXJnXZS9HKLzFIw2rf3Q
4Ulkt1s786zjg62nKa6gWwGGPAuqQBQOBBSI54n7s7VtIPJ+xtjVDtvgR2vYnAgR
M4OjPKPAodQ=
=Y6Is
-----END PGP SIGNATURE-----

« Back to bulletins