CVE-2025-53963

Critical CVSS: 9.8

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has a weak default password of ionadmin, and a password change policy for the root account is not enforced. Thus, an attacker with network connectivity can achieve root code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Vendor

Thermofisher

Product

Ion Torrent Onetouch 2 Firmware

CWE

CWE-521

Yayın Tarihi

2025-12-04 15:15:58

Güncelleme

2025-12-16 21:01:55

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-521 Ion Torrent Onetouch 2 Firmware CRITICAL Thermofisher 2025

Referanslar

https://assets.thermofisher.com/TFS-Assets/LSG/manuals/MAN0014388_IonOneTouch2Sys_UG.pdf https://documents.thermofisher.com/TFS-Assets/CORP/Product-Guides/Ion_OneTouch_2_and_Torrent_Suite_Software.pdf https://tools.thermofisher.cn/content/sfs/brochures/One_Touch_2_Spec_Sheet.pdf

Benzer Kayıtlar

High

CVE-2025-54306

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. A remote code execution vulnerabil…

High

CVE-2025-54307

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. The /configure/plugins/plugin/uplo…

Critical

CVE-2025-54303

The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are stored as fixtures for…

Critical

CVE-2025-54304

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. When they are powered on, an X11 dis…

High

CVE-2025-54305

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares included in…