Risk | High |
Patch available | NO |
Number of vulnerabilities | 2 |
CVE-ID | N/A |
CWE-ID | CWE-259 CWE-592 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | SDS 1202X-E (Hardware solutions / Firmware) |
Vendor | Siglent Technology |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU16229
Risk: High
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-259 - Use of Hard-coded Password
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain full access to the affected system.
The vulnerability exists because the password hashes are hard-coded and are difficult to change: the “shadow” file is stored on a cramfs (intentionally read-only) file system. A remote unauthenticated attacker can connect as root to the oscilloscope via LAN when the Telnet service is listening on port 23.
Mitigation
Cybersecurity Help is currently unaware of any official solutions to address the vulnerability.
Vulnerable software versions
SDS 1202X-E: 5.1.3.13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU16230
Risk: Low
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-592 - Authentication Bypass Issues
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass authentication on the affected system.
The vulnerability exists because the “EasyScopeX” software can be used from any computer on the network to configure and interact with the oscilloscope. A remote unauthenticated attacker can bypass authentication and change settings on the oscilloscope.
Mitigation
Cybersecurity Help is currently unaware of any official solutions to address the vulnerability.
Vulnerable software versions
SDS 1202X-E: 5.1.3.13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.