Backdoor Vulnerability in Rugged Operating System by RuggedCom
CVE-2012-2441

Currently unrated

Key Information:

Vendor: Siemens
Status: Ruggedcom Rugged Operating System
Vendor: CVE Published:; 28 April 2012

Summary

The Rugged Operating System (ROS) by RuggedCom contains a backdoor due to a factory account associated with a password that can be easily derived from the hardware's MAC address. This exposure enables remote attackers to gain unauthorized access through calculated SSH or HTTPS sessions. Such vulnerabilities put critical infrastructure at risk, particularly in sectors like power and traffic control where ROS is commonly deployed. Prompt updates and rigorous security practices are essential to mitigate potential exploitation.

References

http://www.wired.com/threatlevel/2012/04/ruggedcom-backdoor/

x_refsource_MISC

http://www.kb.cert.org/vuls/id/889195

third-party-advisoryx_refsource_CERT-VN

http://www.ruggedcom.com/productbulletin/ros-security-page/

x_refsource_CONFIRM

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 28, 2012
Vulnerability Reserved
Apr 27, 2012