RuggedCom Backdoor Vulnerability

Wednesday, April 25, 2012 @ 11:04 PM gHale


Vulnerability details and Proof of Concept code released for RuggedCom’s RuggedSwitch and RuggedServer devices using Rugged Operating System (ROS), according to a report on ICS-CERT.

RuggedCom is suffering from a default backdoor user account with a password with trivial encoding.

RELATED STORIES
Certec Patches Vulnerabilities
Koyo Finalizes Firmware Fix
MICROSYS Patches SCADA/HMI Line
Siemens Scalance Line Vulnerabilities

These network devices see use in a variety of network applications, including industrial control systems (ICS).

The vulnerability is exploitable by generating a password from known data about the device, according to this report. This report, released by independent security researcher Justin W. Clarke, followed an attempted but unsuccessful coordination with the vendor.

ICS-CERT issued an alert to provide notice of the public report and identify baseline mitigations for reducing risks to this cyber security issue.

The report included vulnerability details and PoC exploit code for the following vulnerability: The remotely exploitable vulnerability has weak cryptography for passwords which, as a result, could lead to complete administrative control of the device.

These devices also see use for serial-to-ip conversation in SCADA systems, and they support MODBUS and DNP3.

The following ROS versions suffer from the issue:
• 3.2.x and earlier (see note below)
• 3.3.x and above

Users running 3.2.x and earlier need to update to the latest release in order to have the capability to disable telnet and remote shell (rsh).

RuggedCom is advising ROS customers to disable the rsh (remote shell) service and set the number of Telnet connections allowed to 0. The researcher stated the back door will not work over ssh (secure shell) or the web interface. With these recommendations, the back door will only be accessible via the local serial interface (RS232). ICS-CERT has not fully verified these mitigations.
ICS-CERT is currently coordinating with the security researcher, CERT/CC, and Siemens ProductCERT to identify useful mitigations.

Siemens acquired RuggedCom earlier this year.



Leave a Reply

You must be logged in to post a comment.