There is a hard-coded RSA SSL private key vulnerability within RuggedCom’s Rugged Operating System (ROS), according to a report on ICS-CERT.

Security researcher Justin W. Clarke of Cylance Inc. publicly presented the vulnerability along with proof-of-concept (PoC) exploit code. An attacker can use the vulnerability to decrypt SSL traffic between an end user and a RuggedCom network device.

The vendor is aware of the report and is looking into the issue.

The report included vulnerability details and PoC exploit code for the following remotely exploitable vulnerability: key management errors, which could lead to a loss of system integrity.

Justin W. Clarke reported that an attacker could identify the RSA private PKI key in ROS used for SSL communication between a client/user and a RuggedCom switch. An attacker may use the key to create malicious communication to a RuggedCom network device.
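Because a hard-coded key is identical on every device that ships it, those devices present the same public key whether or not their certificates are byte-identical. The following is an added example (not from the ICS-CERT report or the researcher's PoC) that groups an inventory of device certificates by the SHA-256 of their SubjectPublicKeyInfo to surface shared keys; the host names, the skeleton certificates and all function names are constructed for illustration.

```python
import hashlib
from collections import defaultdict

def read_tlv(buf, pos):
    """Return (tag, value_start, end) of the DER element at pos."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    return tag, start, start + length

def spki_sha256(cert_der):
    """SHA-256 over the SubjectPublicKeyInfo element of an X.509 cert."""
    _, cert_body, _ = read_tlv(cert_der, 0)           # Certificate
    _, pos, tbs_end = read_tlv(cert_der, cert_body)   # tbsCertificate
    fields = []
    while pos < tbs_end:
        tag, _, end = read_tlv(cert_der, pos)
        if tag != 0xA0:                     # skip optional [0] version
            fields.append(cert_der[pos:end])
        pos = end
    return hashlib.sha256(fields[5]).hexdigest()  # serial, alg, issuer, validity, subject, SPKI

def shared_keys(inventory):
    """Map key fingerprint -> hosts, for keys seen on more than one host."""
    groups = defaultdict(list)
    for host, cert_der in inventory.items():
        groups[spki_sha256(cert_der)].append(host)
    return {fp: sorted(h) for fp, h in groups.items() if len(h) > 1}

# Constructed sample data: skeleton certificates, not real device certs.
def der(tag, body):
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_cert(serial, key_bytes):
    spki = der(0x30, der(0x30, b"") + der(0x03, b"\x00" + key_bytes))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + der(0x30, b"") * 4 + spki)
    return der(0x30, tbs + der(0x30, b"") + der(0x03, b"\x00"))

INVENTORY = {
    "switch-a": sample_cert(1, b"\x11" * 140),
    "switch-b": sample_cert(2, b"\x11" * 140),   # different cert, same key
    "switch-c": sample_cert(3, b"\x22" * 140),
}
```

For live devices, the DER bytes can be obtained with `ssl.get_server_certificate()` followed by `ssl.PEM_cert_to_DER_cert()`.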
