Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zeroscienceGjoko KrsticZSL-2023-5764
HistoryApr 10, 2023 - 12:00 a.m.

Sielco PolyEco Digital FM Transmitter 2.0.6 Default Credentials

2023-04-1000:00:00
Gjoko Krstic
zeroscience.mk
131
sielco polyeco sielco s.r.l weak credentials remote attack full control vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Title: Sielco PolyEco Digital FM Transmitter 2.0.6 Default Credentials
Advisory ID: ZSL-2023-5764
Type: Local/Remote
Impact: System Access, Exposure of System Information, Exposure of Sensitive Information
Risk: (4/5)
Release Date: 10.04.2023

Summary

PolyEco is the innovative family of high-end digital FM transmitters of Sielco. They are especially suited as high performance power system exciters or compact low-mid power transmitters. The same cabinet may in fact be fitted with 50, 100, 300, 500, 1000W power stage (PolyEco50, 100, 300, 500, 1000).

All features can be controlled via the large touch-screen display 4.3" or remotely. Many advanced features are inside by default in the basic version such as: stereo and RDS encoder, audio change-over, remote-control via LAN and SNMP, “FFT” spectral analysis of the audio sources, SFN synchronization and much more.

Description

The FM transmitter uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.

Vendor

Sielco S.r.l - <https://www.sielco.org>

Affected Version

PolyEco1000 CPU:2.0.6 FPGA:10.19
PolyEco1000 CPU:1.9.4 FPGA:10.19
PolyEco1000 CPU:1.9.3 FPGA:10.19
PolyEco500 CPU:1.7.0 FPGA:10.16
PolyEco300 CPU:2.0.2 FPGA:10.19
PolyEco300 CPU:2.0.0 FPGA:10.19

Tested On

lwIP/2.1.1 (http://savannah.nongnu.org/projects/lwip)

Vendor Status

[26.01.2023] Vulnerability discovered.
[27.01.2023] Contact with the vendor and CSIRT Italia.
[09.04.2023] No response from the vendor.
[09.04.2023] No response from the CSIRT team.
[10.04.2023] Public security advisory released.

PoC

sielco_polyeco_creds.txt

Credits

Vulnerability discovered by Gjoko Krstic - <[email protected]>

References

[1] <https://packetstormsecurity.com/files/171865/&gt;
[2] <https://exchange.xforce.ibmcloud.com/vulnerabilities/253061&gt;
[3] <https://exchange.xforce.ibmcloud.com/vulnerabilities/269698&gt;
[4] <https://nvd.nist.gov/vuln/detail/CVE-2023-5754&gt;
[5] <https://vulners.com/cve/CVE-2023-5754&gt;

Changelog

[10.04.2023] - Initial release
[03.11.2023] - Added reference [1], [2], [3], [4] and [5]

Contact

Zero Science Lab

Web: <https://www.zeroscience.mk>
e-mail: [email protected]

<html><body><p>Sielco PolyEco Digital FM Transmitter 2.0.6 Default Credentials


Vendor: Sielco S.r.l
Product web page: https://www.sielco.org
Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19
                  PolyEco1000 CPU:1.9.4 FPGA:10.19
                  PolyEco1000 CPU:1.9.3 FPGA:10.19
                  PolyEco500 CPU:1.7.0 FPGA:10.16
                  PolyEco300 CPU:2.0.2 FPGA:10.19
                  PolyEco300 CPU:2.0.0 FPGA:10.19

Summary: PolyEco is the innovative family of high-end digital
FM transmitters of Sielco. They are especially suited as high
performance power system exciters or compact low-mid power
transmitters. The same cabinet may in fact be fitted with 50,
100, 300, 500, 1000W power stage (PolyEco50, 100, 300, 500,
1000).

All features can be controlled via the large touch-screen display
4.3" or remotely. Many advanced features are inside by default
in the basic version such as: stereo and RDS encoder, audio
change-over, remote-control via LAN and SNMP, "FFT" spectral
analysis of the audio sources, SFN synchronization and much more.

Desc: The FM transmitter uses a weak set of default administrative
credentials that can be easily guessed in remote password attacks
and gain full control of the system.

Tested on: lwIP/2.1.1 (http://savannah.nongnu.org/projects/lwip)


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
Macedonian Information Security Research and Development Laboratory
Zero Science Lab - https://www.zeroscience.mk - @zeroscience


Advisory ID: ZSL-2023-5764
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5764.php


26.01.2023

--


User role:
----------
Username: user
Password: 1234


Admin role:
-----------
Username: admin
Password: sielco1
</p></body></html>

Related

cvelist 1
prion 1
cve 1
nvd 1
ics 1
cvelist
cvelist
CVE-2023-5754 Improper Restriction of Excessive Authentication Attempts in Sielco PolyEco1000
2023-10-26 19:47:06
prion
prion
Default credentials
2023-10-26 20:15:00
cve
cve
CVE-2023-5754
2023-10-26 20:15:08
nvd
nvd
CVE-2023-5754
2023-10-26 20:15:08
ics
ics
Sielco PolyEco FM Transmitter
2023-10-26 12:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON
Related for ZSL-2023-5764
cvelist1prion1cve1nvd1ics1