• Subscriber/Sign In
  • Register
  • About Us
isssource.com
  • Home
  • Eguide: Overcoming the Industrial Cyber Security Skills Gap
  • Register
  • News
    • Careers
    • Government
    • Incidents
    • Industry Voices
    • Products and Services
    • Sending it Your Way
    • Technology Update
    • Views
  • Profile
  • Research
  • User Profile
  • Events
  • Login
  • Lost Password
  • Training & Certification
  • Transactions
  • White Papers
  • Membership Details
  • Subscribe Now
  • Membership Contents
  • Archives

Breaking News

  • Fukushima Report: Robot Lifts Melted Fuel
  • TÜV, Nozomi Ink Partnership Pact
  • Pangea Patches Bypass Vulnerability
  • Fuji Fixes FRENIC Devices
  • ARC: Safety and Profitability Work Together
  • Public Needs to Know About Chem Releases: Judge
  • Robot Testing Radioactive Fuel at Fukushima
  • Siemens Fixes CP1604, CP1616 Holes
  • Siemens has Upgrade for Intel AMT
  • Siemens Fixes Hole in SIMATIC S7-300 CPU
  • Siemens has Licensing Software Fix for SICAM 230
  • Siemens Fixes Ethernet Communication Module, Relays
  • OSIsoft has Update for PI Vision Hole
  • First Responders Test Technology
  • Manufacturing Targeted in Hack Attack
  • Siemens Fixes SICAM A8000 RTU Series Hole
  • Read More

Chemical Safety Incidents

White Papers

  • A Year in Vulnerabilities
  • A Year in Threats
  • Year in Hunting and Responding
  • Finding the Competitive Edge
  • Going Digital
  • Visibility Leads to Knowledge
  • Tips to SCADA Security
  • Insurance Dilemma: Infrastructure Attacks
  • Monitoring a Growing Network
  • Integrated Approach to Protecting ICS
  • Analytics through Network Monitoring
  • Gaining Visibility on Malware Attacks
  • The Wireless Edge
  • Benefits of Virtualization
  • Wireless Reshaping IT/OT Network
  • Virtualizing Network: Benefits, Challenges
  • Read More

Sending It Your Way

  • aeSolutions Security Blog
  • exida Explains
  • Joel Langill: SCADAhacker
  • [In] Security Culture
  • Eric Byres: Practical SCADA Security
  • Department of Homeland Security
  • Jim Cahill
  • Dale Peterson
  • Industrial Defender
  • Wurldtech
  • Read More

RuggedCom Fixes Vulnerability

Tuesday, May 29, 2012 @ 01:05 PM gHale

RuggedCom produced new firmware that resolves a default backdoor user account with a weak password encryption vulnerability in the Rugged Operating System (ROS).

ICS-CERT tested the new firmware versions and confirmed they resolve the vulnerability, first identified by independent researcher Justin W. Clarke. This vulnerability is remotely exploitable and attacks that target this vulnerability are publicly available.

RELATED STORIES
Update Patches xArrow Holes
Measuresoft ScadaPro Upgrade
Pro-face Pro-Server Vulnerabilities
Wonderware SuiteLink Vulnerability

RuggedCom RuggedSwitch or RuggedServer devices that use ROS versions 3.2.x and earlier, and 3.3.x and above suffer from the issue.

An attacker can use a simple publicly available script to generate the default password and gain administrative access to the unit.

RuggedCom makes network equipment for deployment in harsh environments. Their products can are in applications such as traffic control systems, railroad communications systems, power plants, electrical substations, and military sites. Beyond Layer 2 and Layer 3 networking, these devices also see use in serial-to-ip conversation in SCADA systems, and they support MODBUS and DNP3 protocols.

An undocumented backdoor account exists within all released versions of RuggedCom’s ROS. The username for the account, which a user cannot disable, is “factory” enabled, and its password is dynamically generated based on the device’s MAC address. CVE-2012-1803 is the number assigned to this vulnerability, which has a CVSS v2 base score of 8.5.

Version 3.10.1 of the ROS firmware with security-related fixes is now available from RuggedCom technical support at support@ruggedcom.com. Other ROS firmware versions containing the same security fixes (3.9.3, 3.8.5, 3.7.9, and 3.11.0) will release over the next few weeks on a staggered basis as development and testing wraps up. RuggedCom will release a product bulletin to notify customers when each of the new versions is available.

To address security issues, the following changes are in all the new ROS firmware versions:
• Removal of factory account
• Change default condition of insecure communication services to disabled
• Improve security for user account password storage
• Detection and alarm for weak password strength
• Removal of device information from standard login banner.

The new versions of the ROS firmware remove the factory account and the associated security vulnerability. Customers using these new versions of the firmware should take special care not to lose the user defined password to a device’s administrative account as recovering from a lost administrative password will now require physical access to the device to reset the passwords.

RuggedCom, owned and operated by Siemens, recommends that customers using ROS versions older than v3.7 upgrade to a newer version. If this is not possible, RuggedCom has indicated they will address updates to older versions of the firmware on a case-by-case basis.

Siemens issued security advisory “SSA-826381: Multiple Security Vulnerabilities in RuggedCom ROS-based Devices” regarding this vulnerability.



Leave a Reply

Click here to cancel reply.

You must be logged in to post a comment.

« Flame: ‘20 Times Larger than Stuxnet’
Pipelines: MI Projects OK’d; Leak in NY »

  • Home
  • Eguide: Overcoming the Industrial Cyber Security Skills Gap
  • Register
  • View Spotlight Article
  • News
  • Profile
  • Research
  • User Profile
  • Events
  • Login
  • Lost Password
  • Training & Certification
  • Transactions
  • White Papers
  • Membership Details
  • Subscribe Now
  • About Us
  • Membership Contents
  • Archive
  • Sitemap
  • Careers
  • Government
  • Incidents
  • Industry Voices
  • Products and Services
  • Sending it Your Way
  • Technology Update
  • Views
Policies
Copyright © 2019 isssource.com