Sielco PolyEco FM Transmitter

Act Now9.8ICS-CERT ICSA-23-299-07Oct 26, 2023

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Sielco PolyEco FM Transmitter (PolyEco1000, PolyEco500, PolyEco300 models) contains multiple vulnerabilities including session hijacking (CWE-384), weak password recovery mechanisms (CWE-307), and insufficient access controls (CWE-284). These flaws allow an attacker to escalate privileges, access restricted pages, or hijack user sessions. Sielco has not responded to CISA mitigation requests and no patch is available for any affected version.

What this means

What could happen

An attacker could gain administrative control of the PolyEco transmitter, allowing them to modify transmitted data, change device settings, or disrupt the facility's ability to monitor or control critical operations.

Who's at risk

This vulnerability affects operators of Sielco PolyEco FM Transmitters (models 1000, 500, and 300) used in industrial facilities for remote data transmission and monitoring. Any facility using these devices for SCADA telemetry, process monitoring, or remote equipment control is at risk.

How it could be exploited

An attacker with network access to the device could exploit session hijacking or weak authentication mechanisms to gain unauthorized access without valid credentials, then escalate privileges to administrative level to modify transmitter configuration or data output.

Prerequisites

Network access to the PolyEco transmitter device on TCP ports used by the web interface (typically 80 or 443)
Device must be accessible from the attacker's network segment (no authentication required for initial exploitation)

remotely exploitableno authentication requiredlow complexityno patch availablecritical CVSS (9.8)

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (6)

6 pending

ProductAffected VersionsFix Status

PolyEco1000: FPGA_10.19_CPU_2.0.6FPGA 10.19 CPU 2.0.6No fix yet

PolyEco1000: FPGA_10.19_CPU_1.9.4FPGA 10.19 CPU 1.9.4No fix yet

PolyEco1000: FPGA_10.19_CPU_1.9.3FPGA 10.19 CPU 1.9.3No fix yet

PolyEco500: FPGA_10.16_CPU_1.7.0FPGA 10.16 CPU 1.7.0No fix yet

PolyEco300: FPGA_10.19_CPU_2.0.2FPGA 10.19 CPU 2.0.2No fix yet

PolyEco300: FPGA_10.19_CPU_2.0.0FPGA 10.19 CPU 2.0.0No fix yet

Remediation & Mitigation

0/5

Do now

0/3

HARDENINGImplement network segmentation to isolate the PolyEco transmitter from direct internet access and untrusted networks

WORKAROUNDDeploy a firewall rule to restrict access to the PolyEco transmitter to only authorized engineering workstations and control networks

WORKAROUNDIf remote access is required, implement a VPN with strong encryption and multi-factor authentication as the sole access path to the device

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXContact Sielco customer support to determine if a future patch is planned or if the product is end-of-life, and plan for replacement or upgrade to a patched version

Long-term hardening

0/1

HARDENINGImplement network monitoring and intrusion detection around the PolyEco transmitter to detect suspicious login attempts or session hijacking activity

CVEs (7)

CVE-2023-0897 CVE-2023-5754 CVE-2023-46661 CVE-2023-46662 CVE-2023-46663 CVE-2023-46664 CVE-2023-46665

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/0824a60e-2d10-477c-8b74-8dbc5500fc7b