CVE-2012-1803

Published: Apr 28, 2012Modified: Apr 29, 2026

8.5

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability: 6.8 / Impact: 10.0

Source: NVD

Description

RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session.

Affected (1)

Products: Siemens: Ruggedcom Rugged Operating System

1 product

Ruggedcom Rugged Operating System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Ruggedcom Rugged Operating System	From 3.2.0 to 3.10.1

Related CWEs

References (24)

http://archives.neohapsis.com/archives/bugtraq/2012-04/0186.html

Source: cret@cert.org

Broken Link

http://arstechnica.com/business/news/2012/04/backdoor-in-mission-critical-hardware-threatens-power-traffic-control-systems.ars

Source: cret@cert.org

Third Party Advisory

http://ics-cert.us-cert.gov/advisories/ICSA-12-146-01A

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

http://seclists.org/fulldisclosure/2012/Apr/277

Source: cret@cert.org

ExploitMailing ListThird Party Advisory

http://www.exploit-db.com/exploits/18779

Source: cret@cert.org

ExploitThird Party AdvisoryVDB Entry

http://www.kb.cert.org/vuls/id/889195

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

http://www.kb.cert.org/vuls/id/MAPG-8RCPEN

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

http://www.ruggedcom.com/productbulletin/ros-security-page/

Source: cret@cert.org

Broken LinkVendor Advisory

http://www.securityfocus.com/bid/53215

Source: cret@cert.org

Third Party AdvisoryVDB Entry

http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-116-01A.pdf

Source: cret@cert.org

Broken LinkThird Party AdvisoryUS Government Resource

http://www.wired.com/threatlevel/2012/04/ruggedcom-backdoor/

Source: cret@cert.org

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/75120

Source: cret@cert.org

Third Party AdvisoryVDB Entry

http://archives.neohapsis.com/archives/bugtraq/2012-04/0186.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://arstechnica.com/business/news/2012/04/backdoor-in-mission-critical-hardware-threatens-power-traffic-control-systems.ars

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://ics-cert.us-cert.gov/advisories/ICSA-12-146-01A

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://seclists.org/fulldisclosure/2012/Apr/277

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

http://www.exploit-db.com/exploits/18779

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://www.kb.cert.org/vuls/id/889195

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.kb.cert.org/vuls/id/MAPG-8RCPEN

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.ruggedcom.com/productbulletin/ros-security-page/

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

http://www.securityfocus.com/bid/53215

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-116-01A.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryUS Government Resource

http://www.wired.com/threatlevel/2012/04/ruggedcom-backdoor/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/75120

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.