There is a hard-coded RSA SSL private key vulnerability within RuggedCom’s Rugged Operating System (ROS), according to a report on ICS-CERT.
The vulnerability with proof-of-concept (PoC) exploit code ended up publicly presented by security researcher Justin W. Clarke of Cylance Inc. The vulnerability can decrypt SSL traffic between an end user and a RuggedCom network device.
The vendor is aware of the report and is looking into the issue.
The report included vulnerability details and PoC exploit code for the following remotely exploitable vulnerability: Key management errors which could lead to a loss of system integrity.
Justin W. Clarke reported an attacker could identify the RSA Private PKI key for SSL communication between a client/user and a RuggedCom switch in the ROS. An attacker may use the key to create malicious communication to a RuggedCom network device.