CVEs I have discovered
- CVE-2023-25366 - 9.8 Crit - Insecure SCPI interface discloses web password in Siglent SDS 1104X-E Oscilliscope.
- CVE-2023-25367 - 9.8 Crit - Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user input resulting in Remote Code Execution (RCE) with SCPI interface or web server.
- CVE-2023-25368 - 7.5 High - Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Incorrect Access Control. An unauthenticated attacker can overwrite firmware.
- CVE-2023-25369 - 7.5 High - Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Denial of Service on the user interface triggered by malformed SCPI command.