Multiple Holes in Digital Oscilloscope

Wednesday, December 5, 2018 @ 02:12 PM gHale

A digital oscilloscope suffers from multiple vulnerabilities, including hardcoded backdoor accounts and missing authentication, researchers said.

The Siglent Technologies SDS 1202X-E Digital Oscilloscope suffers from hardcoded backdoor accounts, missing authentication/design issue, unencrypted communication, and outdated and vulnerable software components, said researchers at SEC Consult.

SEC Consult discovered the vulnerabilities Aug. 8, but Siglent has been unresponsive and did not provide a patch.

Siglent is an international high-tech company, concentrating on R&D, sales, production and services of measurement products, according to its website.

“The identified backdoor accounts are accessible through Telnet, hence a compromise of the device via a local network attack is possible,” researchers said in a post. “Any malicious modification of measurement values may have serious impact on the product or service which is created or offered by using this oscilloscope. Therefore, all procedures which are executed with this device are untrustworthy.”
https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-siglent-technologies-sds-1202x-e-digital-oscilloscope/

SEC Consult recommended not using this product on a production network until security professionals have performed a thorough security review and all identified issues have been resolved.

The following is an overview of the vulnerabilities:

Hardcoded Backdoor Accounts: Two backdoor accounts are present on the system. A Telnet service is listening on port 23 which enables an attacker to connect as root to the oscilloscope via LAN.

The password hashes are hardcoded and are difficult to change for the end user because the “shadow” file is stored on a cramfs (intentionally read-only) file system.
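When reviewing an extracted firmware image for this class of issue, a reviewer can list which accounts in the shadow file can log in with a password. The following is an added example, not code from SEC Consult or Siglent; the account name `svc_example`, the hash values and the `read_only_fs` flag are constructed for illustration.

```python
"""Flag login-capable accounts in a shadow file extracted from a firmware image."""

# crypt(3) scheme prefixes; a 13-character field without a prefix is legacy DES.
SCHEMES = {"$1$": "md5crypt", "$5$": "sha256crypt", "$6$": "sha512crypt",
           "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt", "$y$": "yescrypt"}
WEAK = {"des", "md5crypt"}


def classify(field):
    """Return (state, scheme) for the password field of one shadow entry."""
    if field == "":
        return "no-password", None      # login possible without a password
    if field[0] in "*!":
        return "locked", None           # password login disabled
    for prefix, name in SCHEMES.items():
        if field.startswith(prefix):
            return "password-set", name
    if len(field) == 13:
        return "password-set", "des"
    return "unknown", None


def audit_shadow(text, read_only_fs=False):
    """Return one finding per account that is not locked."""
    findings = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 2 or parts[0].startswith("#"):
            continue                    # blank, comment or malformed line
        state, scheme = classify(parts[1])
        if state == "locked":
            continue
        findings.append({"user": parts[0], "state": state, "scheme": scheme,
                         "weak_scheme": scheme in WEAK,
                         # on a read-only image (e.g. cramfs) the owner cannot rotate it
                         "user_can_change": not read_only_fs})
    return findings


# Constructed sample: placeholder hashes, not values from the device or advisory.
SAMPLE_SHADOW = """\
root:$1$SALTSALT$PLACEHOLDERHASHVALUE00:0:0:99999:7:::
svc_example:ABCDEFGHIJKLM:0:0:99999:7:::
daemon:*:0:0:99999:7:::
"""

if __name__ == "__main__":
    for finding in audit_shadow(SAMPLE_SHADOW, read_only_fs=True):
        print(finding)
```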

Missing Authentication/Design Issue: The software “EasyScopeX” can be used from any computer in the network to configure and interact with the oscilloscope. This is possible without prior authentication, which enables anyone to change settings on the oscilloscope.

Unencrypted Communication: The software “EasyScopeX” communicates via unencrypted TCP packets with the client computer/oscilloscope.

Outdated and Vulnerable Software Components: Multiple software components embedded in the firmware are outdated and found to be vulnerable to various publicly known security issues.
