Vulnerability Note VU#154307
Synel SY-780/A terminal denial-of-service vulnerability
Synel SY-780/A terminals contain a denial-of-service vulnerability when specific ports of the device are scanned.
According to Synel's website the SY-780/A terminal is a stand-alone device used for time & attendance monitoring, production floor control, job costing, and access control applications. It has been reported that performing a port or vulnerability scan against this device or specifically hitting ports 1641, 3734 or 3735, will cause the device to stop responding completely.
If an attacker performs a port scan on the SY-780/A terminal, that attacker can completely lock the device, making the device inaccessible.
We are currently unaware of a practical solution to this problem.
Restrict network access
As a general good security practice, only allow connections from trusted hosts and networks.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Synel||Affected||-||29 Jun 2012|
CVSS Metrics (Learn More)
Thanks to the reporter that wishes to remain anonymous.
This document was written by Michael Orlando.
- CVE IDs: CVE-2012-2970
- Date Public: 09 Jul 2012
- Date First Published: 09 Jul 2012
- Date Last Updated: 09 Jul 2012
- Document Revision: 12
If you have feedback, comments, or additional information about this vulnerability, please send us email.