Siglent · Siglent Sds 1104X-E · CVE-2023-25367
**Name of the Vulnerable Software and Affected Versions**
Siglent SDS 1104X-E version 6.1.37R9.ADS
**Description**
Unfiltered user input results in Remote Code Execution (RCE) through the SCPI interface or web server: because input validation is insufficient, an attacker can execute arbitrary code remotely. The lack of authentication in the SCPI interface of the Siglent SDS1104X-E digital oscilloscope software is a key factor in this issue.
**Recommendations**
For Siglent SDS 1104X-E version 6.1.37R9.ADS, consider disabling the SCPI interface or restricting access to the web server as a temporary workaround until a patch is available. Enforcing input validation so that unfiltered user input is rejected can also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.