RuggedCom Private Key Vulnerability

Tuesday, August 21, 2012 @ 06:08 PM gHale


There is a hard-coded RSA SSL private key vulnerability within RuggedCom’s Rugged Operating System (ROS), according to a report on ICS-CERT.

Security researcher Justin W. Clarke of Cylance Inc. publicly presented the vulnerability along with proof-of-concept (PoC) exploit code. An attacker can use the vulnerability to decrypt SSL traffic between an end user and a RuggedCom network device.

The vendor is aware of the report and is looking into the issue.

The report included vulnerability details and PoC exploit code for the following remotely exploitable vulnerability: key management errors, which could lead to a loss of system integrity.

Justin W. Clarke reported that an attacker could identify the RSA private PKI key used in ROS for SSL communication between a client/user and a RuggedCom switch. An attacker may use the key to create malicious communication to a RuggedCom network device.


