Title: Sielco PolyEco Digital FM Transmitter 2.0.6 Default Credentials
Advisory ID: ZSL-2023-5764
Type: Local/Remote
Impact: System Access, Exposure of System Information, Exposure of Sensitive Information
Risk: (4/5)
Release Date: 10.04.2023
Summary
PolyEco is the innovative family of high-end digitalFM transmitters of Sielco. They are especially suited as highperformance power system exciters or compact low-mid powertransmitters. The same cabinet may in fact be fitted with 50,100, 300, 500, 1000W power stage (PolyEco50, 100, 300, 500,1000).
All features can be controlled via the large touch-screen display4.3\” or remotely. Many advanced features are inside by defaultin the basic version such as: stereo and RDS encoder, audiochange-over, remote-control via LAN and SNMP, \”FFT\” spectralanalysis of the audio sources, SFN synchronization and much more.
Description
The FM transmitter uses a weak set of default administrativecredentials that can be easily guessed in remote password attacksand gain full control of the system.
Vendor
Sielco S.r.l – https://www.sielco.org
Affected Version
PolyEco1000 CPU:2.0.6 FPGA:10.19
PolyEco1000 CPU:1.9.4 FPGA:10.19
PolyEco1000 CPU:1.9.3 FPGA:10.19
PolyEco500 CPU:1.7.0 FPGA:10.16
PolyEco300 CPU:2.0.2 FPGA:10.19
PolyEco300 CPU:2.0.0 FPGA:10.19
Tested On
lwIP/2.1.1 (http://savannah.nongnu.org/projects/lwip)
Vendor Status
[26.01.2023] Vulnerability discovered.
[27.01.2023] Contact with the vendor and CSIRT Italia.
[09.04.2023] No response from the vendor.
[09.04.2023] No response from the CSIRT team.
[10.04.2023] Public security advisory released.
PoC
sielco_polyeco_creds.txt
Credits
Vulnerability discovered by Gjoko Krstic – <gjoko@zeroscience.mk>
References
N/A
Changelog
[10.04.2023] – Initial release
Contact
Zero Science Lab
Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Source: php.4675-3202-LSZ/seitilibarenluv/ne/km.ecneicsorez.www
