Das digitale Oszilloskop SDS 1202X-E der Firma SIGLENT TECHNOLOGIES ist von mehreren Schwachstellen (u.a. "Hardcoded Backdoor Account") betroffen.
Die Firma SEC Consult hat dazu ein Advisory veröffentlicht.
Update A, 5.12.2018
SIGLENT TECHNOLOGIES hat nach Veröffentlichung des Advisories folgende Response dazu abgegeben:
Siglent Technologies is fully committed to providing its customers with safe and secure firmware for all of its test and measurement products. While most test instruments, such as oscilloscopes, are connected to small localized networks and not accessible from the outside, we realize the growing trend for internet connected devices opens up new risks that are being addressed within our engineering and product development process. Siglent’s team of engineers is constantly developing firmware updates to address advanced technology features, as well as internet security updates to prevent the risk of network attacks. Siglent prides itself in being a global leader for hardware and software development in the test and measurement industry. We will continue to support our customers with firmware updates to stay ahead of potential security risks as they emerge in a time where vulnerability is becoming increasingly prevalent.
Please contact Siglent directly if you have any concerns about the security or your Siglent test instrument. www.siglenteu.com/contact-us