Sielco Radio Link and Analog FM Transmitters
Act Now9.8ICS-CERT ICSA-23-299-08Oct 26, 2023
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
Sielco PolyEco FM Transmitters and Radio Links contain multiple privilege escalation, access control, and session hijacking vulnerabilities. CWE-284 (improper access control) and CWE-267 (improper privilege management) allow unauthorized users to escalate privileges or access restricted pages. CWE-352 (missing CSRF protection) enables session hijacking. Affected devices include EXC5000GX, EXC120GX, EXC300GX, EXC1600GX, EXC2000GX, EXC1000GX, EXC3000GX, EXC30GT, EXC300GT, EXC100GT, EXC5000GT, EXC1000GT, EXC120GT (firmware versions 1.5.4–2.12), and Radio Links RTX19 and EXC19 (firmware versions 1.55–2.06). Sielco has not worked with CISA on mitigation and has not released patches.
What this means
What could happen
An attacker with network access could escalate privileges on FM transmitters or radio links, access restricted configuration pages, or hijack operator sessions, potentially allowing unauthorized control of broadcast equipment or disruption of radio communications.
Who's at risk
Broadcast and radio communications operators using Sielco Analog FM transmitters (EXC series at versions 1.5.4–2.12) and Sielco Radio Links (RTX19 and EXC19 at versions 1.55–2.06) are at risk. This includes public radio stations, emergency broadcast systems, and utility companies that rely on radio links for remote facility management and control.
How it could be exploited
An attacker sends a network request to the affected transmitter or radio link's web interface. The device fails to properly validate user permissions (CWE-284, CWE-267) and lacks CSRF protection (CWE-352), allowing the attacker to access restricted functions or perform privileged actions without valid credentials or proper session verification.
Prerequisites
- Network access to the transmitter or radio link web interface (port 80/443)
- No authentication required for exploitation
- Device must be reachable from attacker's network segment
remotely exploitableno authentication requiredlow complexityno patch availableaffects control of broadcast/radio infrastructure
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (21)
21 EOL
ProductAffected VersionsFix Status
Analog FM transmitter (EXC5000GX): 2.122.12No fix (EOL)
Analog FM transmitter (EXC120GX): 2.122.12No fix (EOL)
Analog FM transmitter (EXC1600GX): 2.102.10No fix (EOL)
Analog FM transmitter (EXC2000GX): 2.102.10No fix (EOL)
Analog FM transmitter (EXC1000GX): 2.082.08No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2HARDENINGRestrict network access to FM transmitters and radio links—place them behind firewalls and isolate from business networks and the internet
HARDENINGIf remote access is required, use a VPN to create a secure tunnel and implement network segmentation to limit lateral movement
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HARDENINGApply the principle of least privilege: restrict operator accounts to necessary functions only, use separate admin accounts for configuration changes
Mitigations - no patch available
0/1The following products have reached End of Life with no planned fix: Analog FM transmitter (EXC5000GX): 2.12, Analog FM transmitter (EXC120GX): 2.12, Analog FM transmitter (EXC1600GX): 2.10, Analog FM transmitter (EXC2000GX): 2.10, Analog FM transmitter (EXC1000GX): 2.08, Analog FM transmitter (EXC3000GX): 2.07, Analog FM transmitter (EXC30GT): 1.7.7, Analog FM transmitter (EXC100GT): 1.7.4, Analog FM transmitter (EXC5000GT): 1.7.4, Analog FM transmitter (EXC1000GT): 1.6.3, Analog FM transmitter (EXC120GT): 1.5.4, Radio Link (RTX19): 2.06, Radio Link (EXC19): 2.00, Radio Link (EXC19): 1.55, Analog FM transmitter (EXC5000GX): 2.06, Analog FM transmitter (EXC300GX): 2.11, Analog FM transmitter (EXC1600GX): 2.08, Analog FM transmitter (EXC300GT): 1.7.4, Radio Link (RTX19): 2.05, Radio Link (RTX19): 1.60, Radio Link (RTX19): 1.59. Apply the following compensating controls:
HARDENINGMonitor for suspicious activity on transmitter and radio link management interfaces and report findings to CISA
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/f3e5236e-06eb-42eb-b98f-9753a6dfaf60