MidnightBSD

Advisories for siglent

CVE-2023-25366

In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password.

Products Affected

Vendor Product Version
siglent sds_1104x-e_firmware sds1xx4x-e_v6.1.37r9.ads
CVE-2023-25367

Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user input resulting in Remote Code Execution (RCE) with SCPI interface or web server.

Products Affected

Vendor Product Version
siglent sds1204x-e_firmware 6.1.37r9.ads
siglent sds1074x-e_firmware 6.1.37r9.ads
siglent sds1104x-e_firmware 6.1.37r9.ads
CVE-2023-25368

Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Incorrect Access Control. An unauthenticated attacker can overwrite firmnware.

Products Affected

Vendor Product Version
siglent sds1204x-e_firmware 6.1.37r9.ads
siglent sds1074x-e_firmware 6.1.37r9.ads
siglent sds1104x-e_firmware 6.1.37r9.ads
CVE-2023-25369

Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Denial of Service on the user interface triggered by malformed SCPI command.

Products Affected

Vendor Product Version
siglent sds1204x-e_firmware 6.1.37r9.ads
siglent sds1074x-e_firmware 6.1.37r9.ads
siglent sds1104x-e_firmware 6.1.37r9.ads