CRITICAL🇵🇱 Wersja polska

CVE-2025-54304

CVSS 9.8v3.1pub. 2025-12-04upd. 2025-12-16

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. When they are powered on, an X11 display server is started. The display server listens on all network interfaces and is accessible over port 6000. The X11 access control list, by default, allows connections from 127.0.0.1 and 192.168.2.15. If a device is powered on and later connected to a network with DHCP, the device may not be assigned the 192.168.2.15 IP address, leaving the display server accessible by other devices on the network. The exposed X11 display server can then be used to gain root privileges and the ability to execute code remotely by interacting with matchbox-desktop and spawning a terminal. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

🤖 AI Analysis
How it works

When the device is powered on, an X11 server is automatically launched, which listens on all network interfaces on port 6000. The X11 server's default access control list (ACL) allows connections only from addresses 127.0.0.1 and 192.168.2.15. The problem occurs when the device is connected to a network with DHCP after startup — it may then receive an IP address different from 192.168.2.15, and the X11 server remains accessible to other devices on the network without any additional verification. An attacker gaining access to the X11 server can interact with the matchbox-desktop manager, launch a terminal, and thus execute arbitrary code with root privileges.

Impact

An unauthenticated attacker can obtain full root privileges on the device and remotely execute arbitrary code (RCE), resulting in complete loss of confidentiality, integrity, and availability of the system.

Mitigation & patch

The manufacturer does not provide patches because the product is no longer supported. It is recommended to isolate devices from the network or implement network segmentation (firewall, dedicated VLAN) that prevents access to port 6000/TCP from outside. If device usage is necessary, ensure that after startup and before connecting to the DHCP network, the device obtains the IP address 192.168.2.15, or implement network-level access control that blocks traffic to port 6000. It is recommended to retire the devices from service and replace them with supported equivalents.

Who is affected

Thermo Fisher Ion Torrent OneTouch 2 (model INS1005527) — affects the firmware and the device itself. The manufacturer no longer supports these devices.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Thermofisher Ion Torrent Onetouch 2

    HW
    Thermofisher
    wszystkie wersje
  • Thermofisher Ion Torrent Onetouch 2 Firmware

    OS
    Thermofisher
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-53963CRITICAL9.8PL ✓ten sam produkt

Słabe domyślne hasło root w urządzeniu Thermo Fisher Ion Torrent OneTouch 2

CVE-2025-54303CRITICAL9.8PL ✓ten sam vendor

Domyślne słabe poświadczenia w Thermo Fisher Torrent Suite Software

CVE-2017-11349CRITICAL9.8ten sam vendor

dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sen...

CVE-2017-11165CRITICAL9.8ten sam vendor

dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration informati...

CVE-2025-54305HIGH7.8ten sam vendor

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares i...