Security Analysis of Devices That Support SCPI and VISA Protocols

When a legacy protocol is connected via Ethernet, and subsequently to the internet, security issues arise. Standard Commands for Programmable Instruments (SCPI) is a legacy protocol that many advanced measurement instruments support. It can be issued via General Purpose Interface Bus (GPIB), Universal Asynchronous Receiver/Transmitter (UART), Universal Serial Bus (USB), or Ethernet. However, it is important to note that authentication is not innate in this protocol.

The SCPI protocol, now 30 years old, was initially designed for sensors communicating over serial lines. It was designed as a simple ASCII text protocol that makes adoption via different languages and hardware interfaces as easy as possible. (Even today, the SCPI consortium references SCPI as a standard that works well over RS-232 interfaces and with the BASIC programing language.)

Read more…
Source: Trend Micro