Researchers discovered that an oscilloscope from Siglent Technologies is affected by several potentially serious vulnerabilities that could allow hackers to tamper with measurements.
The flaws were identified by SEC Consult in SDS1000X-E series super phosphor oscilloscopes, one of the latest products launched by Siglent, a China-based company that specializes in measurement products. The impacted product costs roughly $400 and it has been named by at least one website the best oscilloscope in its price range.
SEC Consult found that the device has two backdoor accounts that can be accessed by an attacker with access to the local network over telnet on port 23. The accounts provide root access to the device and they have hardcoded passwords that are not easy to change.
The cybersecurity firm also reported that the EasyScopeX software provided by Siglent for the SDS1202X-E oscilloscope can be accessed without authentication from any computer on the network, and the application communicates using unencrypted TCP packets, which makes it easy to intercept data. The EasyScopeX app allows users to configure the device and interact with it.
Finally, the company’s researchers discovered that multiple components embedded in the firmware, including BusyBox, GNU libc and the Linux kernel, are outdated and known to have various types of vulnerabilities.
“Any malicious modification of measurement values may have serious impact on the product or service which is created or offered by using this oscilloscope. Therefore, all procedures which are executed with this device are untrustworthy,” SEC Consult said in its advisory.
SEC Consult notified Siglent of the vulnerabilities through Germany’s VDE CERT in August and while a sales person confirmed receiving the vulnerability report, no patch and no status updates have been provided by the vendor. Its official website lists one recent firmware update for the SDS1202X-E oscilloscope, but that was released before the security holes were discovered.
Researchers identified the vulnerabilities in a device running version V5.1.3.13 of the firmware, but they believe other versions are likely affected as well.
VDE CERT is also expected to release an advisory describing these vulnerabilities.
SecurityWeek has reached out to the vendor for comment and will update this article if the company responds.
UPDATE 11/5/2018. Siglent has provided the following statement:
Siglent Technologies is fully committed to providing its customers with safe and secure firmware for all of its test and measurement products. While most test instruments, such as oscilloscopes, are connected to small localized networks and not accessible from the outside, we realize the growing trend for internet connected devices opens up new risks that are being addressed within our engineering and product development process.
Siglent’s team of engineers is constantly developing firmware updates to address advanced technology features, as well as internet security updates to prevent the risk of network attacks. Siglent prides itself in being a global leader for hardware and software development in the test and measurement industry. We will continue to support our customers with firmware updates to stay ahead of potential security risks as they emerge in a time where vulnerability is becoming increasingly prevalent. Please contact Siglent directly if you have any concerns about the security or your Siglent test instrument.
Related: Hardcoded Backdoor Found on Western Digital Storage Devices
Related: Backdoor Found in DBLTek GSM Gateways
Related: Stealthy Admin Accounts Found in Hybrid Office 365 Deployments