{"vuid":"VU#154307","idnumber":"154307","name":"Synel SY-780/A terminal denial-of-service vulnerability","keywords":["Synel","sy-780a","denial-of-service","DoS"],"overview":"Synel SY-780/A terminals contain a denial-of-service vulnerability when specific ports of the device are scanned.","clean_desc":"According to Synel's website the SY-780/A terminal is a stand-alone device used for time & attendance monitoring, production floor control, job costing, and access control applications. It has been reported that performing a port or vulnerability scan against this device or specifically hitting ports 1641, 3734 or 3735, will cause the device to stop responding completely.","impact":"If an attacker performs a port scan on the SY-780/A terminal, that attacker can completely lock the device, making the device inaccessible.","resolution":"Update: The vendor has stated that this vulnerability has been addressed in firmware versions 9.0 and later. Users are advised to upgrade to firmware version 9.0 or later.","workarounds":"Restrict network access: As a general good security practice, only allow connections from trusted hosts and networks.","sysaffected":"","thanks":"Thanks to the reporter that wishes to remain anonymous.","author":"This document was written by Michael Orlando.","public":["http://www.synel.com/time-and-attendance/sy-780a.html"],"cveids":["CVE-2012-2970"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-05-24T13:14:46Z","publicdate":"2012-07-09T00:00:00Z","datefirstpublished":"2012-07-09T11:41:46Z","dateupdated":"2012-07-09T11:41:47Z","revision":14,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"N","cvss_integrityimpact":"N","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"W","cvss_reportconfidence":"UC","cvss_collateraldamagepotential":"LM","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"7.8","cvss_basevector":"AV:N/AC:L/Au:N/C:N/I:N/A:C","cvss_temporalscore":"6.3","cvss_environmentalscore":"1.9","cvss_environmentalvector":"CDP:LM/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}