Synel SY-780/A terminals contain a denial-of-service vulnerability when specific ports of the device are scanned.
According to Synel's website the SY-780/A terminal is a stand-alone device used for time & attendance monitoring, production floor control, job costing, and access control applications. It has been reported that performing a port or vulnerability scan against this device or specifically hitting ports 1641, 3734 or 3735, will cause the device to stop responding completely.
If an attacker performs a port scan on the SY-780/A terminal, that attacker can completely lock the device, making the device inaccessible.
We are currently unaware of a practical solution to this problem.
Restrict network access
As a general good security practice, only allow connections from trusted hosts and networks.
Thanks to the reporter that wishes to remain anonymous.
This document was written by Michael Orlando.
|Date First Published:||2012-07-09|
|Date Last Updated:||2012-07-09 11:41 UTC|