RuggedCom Backdoor Patch in Works

Monday, April 30, 2012 @ 01:04 PM gHale


RuggedCom said it will release a patch within the next month that removes the backdoor access, addressing the vulnerability.

In addition, RuggedCom released a notification regarding this issue.

Last week, vulnerability details and Proof of Concept (PoC) code were released for RuggedCom’s RuggedSwitch and RuggedServer devices using Rugged Operating System (ROS), according to a report on ICS-CERT. The devices have a default backdoor user account whose password is trivially encoded.

These network devices see use in a variety of network applications, including industrial control systems (ICS).

The vulnerability is exploitable by generating a password from known data about the device, according to the report. The report, released by independent security researcher Justin W. Clarke, followed an attempted but unsuccessful coordination with the vendor.

ICS-CERT issued an alert to provide notice of the public report and identify baseline mitigations for reducing the risk from this cyber security issue.

The report included vulnerability details and PoC exploit code for the following vulnerability: the devices use weak cryptography for passwords, which is remotely exploitable and could lead to complete administrative control of the device.

These devices also see use for serial-to-IP conversion in SCADA systems, and they support MODBUS and DNP3.

The following ROS versions suffer from the issue:
• 3.2.x and earlier (see note below)
• 3.3.x and above

Users running 3.2.x and earlier need to update to the latest release in order to have the capability to disable telnet and remote shell (rsh).

RuggedCom is advising ROS customers to disable the rsh (remote shell) service and set the number of Telnet connections allowed to 0. The researcher stated the back door will not work over ssh (secure shell) or the web interface. With these recommendations, the back door will only be accessible via the local serial interface (RS232). ICS-CERT has not fully verified these mitigations.
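
As an added example (not from the article, RuggedCom or ICS-CERT), the Python sketch below audits an inventory of ROS devices against the recommendations above: it probes for reachable Telnet and rsh services and applies the version rule for when they can be disabled. It assumes the services listen on their standard TCP ports (23 and 514); the inventory addresses, versions and probe results are constructed.

```python
import re
import socket

TELNET_PORT = 23  # assumption: Telnet on its standard TCP port
RSH_PORT = 514    # assumption: rsh on its standard TCP port

def port_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def can_disable_services(ros_version):
    """Per the article, 3.2.x and earlier must update before Telnet/rsh can be disabled."""
    m = re.match(r"(\d+)\.(\d+)", ros_version)
    if not m:
        raise ValueError(f"unrecognised ROS version: {ros_version!r}")
    return (int(m.group(1)), int(m.group(2))) >= (3, 3)

def triage(ros_version, telnet_open, rsh_open):
    """Turn probe results plus ROS version into the action the article recommends."""
    steps = [s for s, is_open in (("set Telnet connections to 0", telnet_open),
                                  ("disable rsh", rsh_open)) if is_open]
    if not steps:
        # Not proof the service is off (a firewall may sit in between); serial access remains.
        return "ok: telnet and rsh not reachable from here"
    fix = " and ".join(steps)
    if can_disable_services(ros_version):
        return "action: " + fix
    return "action: update ROS, then " + fix

def audit(inventory, probe=port_open):
    """inventory maps host -> ROS version string; probe(host, port) -> bool."""
    return {host: triage(ver, probe(host, TELNET_PORT), probe(host, RSH_PORT))
            for host, ver in inventory.items()}

if __name__ == "__main__":
    # Constructed sample: documentation-range addresses, made-up versions and probe results.
    inventory = {"192.0.2.10": "3.2.5", "192.0.2.11": "3.7.0", "192.0.2.12": "3.7.0"}
    observed = {("192.0.2.10", 23): True, ("192.0.2.10", 514): True, ("192.0.2.11", 23): True}
    for host, verdict in audit(inventory, lambda h, p: observed.get((h, p), False)).items():
        print(host, verdict)
```

Calling `audit(inventory)` without a `probe` argument uses live TCP connection attempts, so run it from the network segment whose exposure you want to measure.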

Siemens acquired RuggedCom earlier this year.
