Security Experts:

Connect with us

Hi, what are you looking for?



Flaws in Siglent Oscilloscope Allow Hackers to Tamper With Measurements

Researchers discovered that an oscilloscope from Siglent Technologies is affected by several potentially serious vulnerabilities that could allow hackers to tamper with measurements.

Researchers discovered that an oscilloscope from Siglent Technologies is affected by several potentially serious vulnerabilities that could allow hackers to tamper with measurements.

The flaws were identified by SEC Consult in SDS1000X-E series super phosphor oscilloscopes, one of the latest products launched by Siglent, a China-based company that specializes in measurement products. The impacted product costs roughly $400 and it has been named by at least one website the best oscilloscope in its price range.Vulnerabilities found in Siglent SDS1000X-E Series Super Phosphor Oscilloscope

SEC Consult found that the device has two backdoor accounts that can be accessed by an attacker with access to the local network over telnet on port 23. The accounts provide root access to the device and they have hardcoded passwords that are not easy to change.

The cybersecurity firm also reported that the EasyScopeX software provided by Siglent for the SDS1202X-E oscilloscope can be accessed without authentication from any computer on the network, and the application communicates using unencrypted TCP packets, which makes it easy to intercept data. The EasyScopeX app allows users to configure the device and interact with it.

Finally, the company’s researchers discovered that multiple components embedded in the firmware, including BusyBox, GNU libc and the Linux kernel, are outdated and known to have various types of vulnerabilities.

“Any malicious modification of measurement values may have serious impact on the product or service which is created or offered by using this oscilloscope. Therefore, all procedures which are executed with this device are untrustworthy,” SEC Consult said in its advisory.

SEC Consult notified Siglent of the vulnerabilities through Germany’s VDE CERT in August and while a sales person confirmed receiving the vulnerability report, no patch and no status updates have been provided by the vendor. Its official website lists one recent firmware update for the SDS1202X-E oscilloscope, but that was released before the security holes were discovered.

Researchers identified the vulnerabilities in a device running version V5.1.3.13 of the firmware, but they believe other versions are likely affected as well.

VDE CERT is also expected to release an advisory describing these vulnerabilities.

SecurityWeek has reached out to the vendor for comment and will update this article if the company responds.

UPDATE 11/5/2018. Siglent has provided the following statement:

Siglent Technologies is fully committed to providing its customers with safe and secure firmware for all of its test and measurement products. While most test instruments, such as oscilloscopes, are connected to small localized networks and not accessible from the outside, we realize the growing trend for internet connected devices opens up new risks that are being addressed within our engineering and product development process.

Siglent’s team of engineers is constantly developing firmware updates to address advanced technology features, as well as internet security updates to prevent the risk of network attacks. Siglent prides itself in being a global leader for hardware and software development in the test and measurement industry. We will continue to support our customers with firmware updates to stay ahead of potential security risks as they emerge in a time where vulnerability is becoming increasingly prevalent. Please contact Siglent directly if you have any concerns about the security or your Siglent test instrument.

Related: Hardcoded Backdoor Found on Western Digital Storage Devices

Related: Backdoor Found in DBLTek GSM Gateways

Related: Stealthy Admin Accounts Found in Hybrid Office 365 Deployments

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.


Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.


Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.