search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Synel SY-780/A terminal denial-of-service vulnerability

Vulnerability Note VU#154307

Original Release Date: 2012-07-09 | Last Revised: 2012-07-09


Synel SY-780/A terminals contain a denial-of-service vulnerability when specific ports of the device are scanned.


According to Synel's website the SY-780/A terminal is a stand-alone device used for time & attendance monitoring, production floor control, job costing, and access control applications. It has been reported that performing a port or vulnerability scan against this device or specifically hitting ports 1641, 3734 or 3735, will cause the device to stop responding completely.


If an attacker performs a port scan on the SY-780/A terminal, that attacker can completely lock the device, making the device inaccessible.


We are currently unaware of a practical solution to this problem.

Restrict network access

As a general good security practice, only allow connections from trusted hosts and networks.

Vendor Information


Synel Affected

Updated:  June 29, 2012



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group Score Vector
Base 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C
Temporal 6.3 E:F/RL:W/RC:UC
Environmental 1.9 CDP:LM/TD:L/CR:ND/IR:ND/AR:ND



Thanks to the reporter that wishes to remain anonymous.

This document was written by Michael Orlando.

Other Information

CVE IDs: CVE-2012-2970
Date Public: 2012-07-09
Date First Published: 2012-07-09
Date Last Updated: 2012-07-09 11:41 UTC
Document Revision: 14

Sponsored by CISA.