More Holes with RuggedCom

Tuesday, September 4, 2012 @ 06:09 PM gHale


There is a hard-coded RSA SSL private key within RuggedCom’s Rugged Operating System (ROS).

Security researcher Justin W. Clarke of Cylance Inc. first disclosed the vulnerability, along with proof-of-concept (PoC) exploit code. According to this report, the remotely exploitable vulnerability can be used to decrypt SSL traffic between an end user and a RuggedCom network device and can result in a loss of system integrity.


The vendor is aware of the report, has confirmed the vulnerability, and is looking to identify mitigations. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations.

After ICS-CERT notified them of the vulnerability, further analysis by RuggedCom found similar holes in the ROX (ROX I and ROX II) operating system firmware and the RuggedMax operating system firmware. A fix for the identified vulnerability in ROX is available. For the SSH service of RuggedMax, an interim mitigation for the identified vulnerability is also available.

The following are products suffering from the issue:
• Devices using the ROS releases before and including ROS Main v3.11.0.
• ROX I OS firmware used by RX1000 and RX1100 series products. ROX I versions before and including ROX v1.14.5 are affected.
• ROX II OS firmware used by RX5000 and RX1500 series products. ROX II versions before and including ROX v2.3.0 are affected.
• RuggedMax Operating System Firmware used by the Win7000 and Win7200 base station units and the Win5100 and Win5200 subscriber (CPE) devices. All versions of the firmware released before and including 4.2.1.4621.22 are affected.

Clarke previously reported an attacker can identify the RSA Private PKI key for SSL communication between a client/user and a RuggedCom switch in the ROS. An attacker could use the key to decrypt management traffic and create malicious communication to a RuggedCom network device.

This vulnerability has no impact on encrypted data traffic passing through RuggedCom ROS, ROX, or RuggedMax BS devices, officials said.

Siemens, which owns RuggedCom, created the following interim mitigations in Security Advisory SSA-622607:

ROS Devices: RuggedCom is currently working to prepare a firmware update addressing the identified vulnerability in the ROS-based devices.

Until a fix for the related vulnerability releases, RuggedCom recommends owners/operators take precautions to prevent attackers from intercepting traffic between administration systems and ROS devices. Customers may also contact RuggedCom’s Customer Support Team for assistance.

ROX Devices: ROX device customers should change their SSL and SSH keys. RuggedCom application notes exist that explain how to change the SSL and SSH keys. Please consult App Note AN17 for ROX1.x versions of the firmware and App Note AN16 for ROX 2.x. These application notes can be obtained from RuggedCom’s Customer Support Team.

RuggedMax Devices: For the SSH service, customers can generate new keys. Each device (subscriber or base station) generates a new SSH key when the current key is deleted. Customers should generate new keys. RuggedCom's Customer Support Team can provide the procedure for generating a new SSH key.

For the HTTPS/SSL service, a temporary solution exists with the current version of firmware: disable HTTPS access. For details on this procedure, contact the RuggedCom Customer Support Team.


Siemens ProductCERT has also issued Security Advisory SSA-622607 to address these vulnerabilities.
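The SSH key regeneration recommended above can be verified across a device inventory by checking that no two devices still present the same host key. The following is an added example, not part of the original article or the vendor's advisory; it assumes host keys were collected in `ssh-keyscan` output format, and the addresses and key blobs are constructed stand-ins, not real keys.

```python
import base64
import hashlib
from collections import defaultdict

def _blob(seed: bytes) -> str:
    """Constructed stand-in for a base64 host-key blob (not a real key)."""
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + seed * 8).decode()

# Constructed sample in ssh-keyscan output format: "host keytype base64-blob".
SAMPLE_SCAN = "\n".join([
    "# 10.0.0.11:22 SSH-2.0-example",
    f"10.0.0.11 ssh-rsa {_blob(b'factory')}",
    f"10.0.0.12 ssh-rsa {_blob(b'factory')}",
    f"10.0.0.13 ssh-rsa {_blob(b'regenerated-13')}",
    f"10.0.0.14 ssh-rsa {_blob(b'factory')}",
    "10.0.0.15 ssh-rsa not*base64",
])

def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style fingerprint: SHA-256 of the raw key blob, base64, unpadded."""
    raw = base64.b64decode(blob_b64, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def shared_host_keys(scan_text: str):
    """Return ({fingerprint: hosts} for keys seen on >1 host, unparsable lines)."""
    hosts_by_fp = defaultdict(set)
    skipped = []
    for line in scan_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            skipped.append(line)
            continue
        try:
            fp = fingerprint(parts[2])
        except ValueError:  # binascii.Error is a ValueError subclass
            skipped.append(line)
            continue
        hosts_by_fp[fp].add(parts[0])
    shared = {fp: sorted(h) for fp, h in hosts_by_fp.items() if len(h) > 1}
    return shared, skipped

if __name__ == "__main__":
    shared, skipped = shared_host_keys(SAMPLE_SCAN)
    for fp, hosts in shared.items():
        print(f"host key {fp} is shared by: {', '.join(hosts)}")
```

Any fingerprint reported here marks devices whose keys still need to be regenerated; lines that could not be parsed are returned separately so they can be rescanned rather than silently treated as clean.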


