CRITICAL🇵🇱 Wersja polska

CVE-2025-53963

CVSS 9.8v3.1pub. 2025-12-04upd. 2025-12-16

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has a weak default password of ionadmin, and a password change policy for the root account is not enforced. Thus, an attacker with network connectivity can achieve root code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

🤖 AI Analysis
How it works

The device runs an SSH server listening on port 22 with a root account secured by the default password 'ionadmin'. Password change policy for the root account is not enforced, meaning the password can remain unchanged throughout the device's lifecycle. An attacker with network access to the device can log in via SSH using known, default credentials and obtain full root privileges without any additional escalation.

Impact

An attacker gains unlimited access to the system shell with root privileges, enabling complete device takeover, arbitrary code execution (RCE), data modification, and potential use of the device as an entry point to the laboratory network.

Mitigation & patch

The manufacturer no longer issues updates for this product (no support). Recommended immediate actions: immediately change the default root password 'ionadmin' to a strong, unique password; isolate the device from public networks and unauthorized network segments (e.g., via firewall or VLAN); restrict access to port 22 only to trusted IP addresses; consider discontinuing the device and replacing it with a supported model.

Who is affected

Thermo Fisher Ion Torrent OneTouch 2 devices (model INS1005527) with Ion Torrent OneTouch 2 firmware. The vulnerability only affects products that are no longer supported by the manufacturer.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Thermofisher Ion Torrent Onetouch 2

    HW
    Thermofisher
    wszystkie wersje
  • Thermofisher Ion Torrent Onetouch 2 Firmware

    OS
    Thermofisher
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-54304CRITICAL9.8PL ✓ten sam produkt

Niezabezpieczony serwer X11 w Thermo Fisher Ion Torrent OneTouch 2 umożliwia RCE z uprawnieniami root

CVE-2025-54303CRITICAL9.8PL ✓ten sam vendor

Domyślne słabe poświadczenia w Thermo Fisher Torrent Suite Software

CVE-2017-11349CRITICAL9.8ten sam vendor

dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sen...

CVE-2017-11165CRITICAL9.8ten sam vendor

dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration informati...

CVE-2025-54305HIGH7.8ten sam vendor

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares i...