PT-2022-7700 · Siglent · Siglent Sds 1104X-E

Bret Mcdanel · Published 2022-12-30 · Updated 2025-01-03 · CVE-2023-25367

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Siglent SDS 1104X-E version 6.1.37R9.ADS

Description

The issue is related to unfiltered user input, which results in Remote Code Execution (RCE) through the SCPI interface or web server. This is due to insufficient input validation, allowing an attacker to execute arbitrary code remotely. The lack of authentication in the SCPI interface of the Siglent SDS1104X-E digital oscilloscope software is a key factor in this issue.

Recommendations

For Siglent SDS 1104X-E version 6.1.37R9.ADS, consider disabling the SCPI interface or restricting access to the web server as a temporary workaround until a patch is available. Enforcing input validation to prevent unfiltered user input can also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-00673
CVE-2023-25367

Affected Products

Siglent Sds 1104X-E