Vulnerability in Siemens Rugged Operating System and RuggedMax OS
CVE-2012-4698

Currently unrated

Key Information:

Vendor: Siemens
Status: Ros
Vendor: CVE Published:; 23 December 2012

What is CVE-2012-4698?

Siemens' RuggedCom Rugged Operating System (ROS) and associated OS versions employ hardcoded private keys for SSL and SSH communications. This poses a significant risk, as it potentially allows man-in-the-middle attackers to easily spoof servers and decrypt sensitive network traffic. The presence of these keys in ROS files across all customer installations increases the likelihood of exploitation, enabling unauthorized access to critical communication channels.

References

http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01...

x_refsource_MISC

http://www.ruggedcom.com/productbulletin/ros-security-page/

x_refsource_CONFIRM

http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2012
Vulnerability Reserved
Aug 28, 2012

CVE-2012-4698 Data

JSON