Lucene search

MitreCVE-2012-2441

HistoryApr 28, 2012 - 12:55 a.m.

CVE-2012-2441

2012-04-2800:55:01

CWE-521

mitre

web.nvd.nist.gov

cve-2012-2441

ruggedcom

rugged operating system

ros

factory account

remote access

ssh

https

vulnerability

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

0.013

Percentile

85.8%

JSON

RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803.

Affected configurations

Nvd

Node

siemensruggedcom_rugged_operating_systemRange<3.3.0

VendorProductVersionCPE
siemensruggedcom_rugged_operating_system*cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	ruggedcom_rugged_operating_system	*	cpe:2.3:o:siemens:ruggedcom_rugged_operating_system::::::::

References

arstechnica.com/business/news/2012/04/backdoor-in-mission-critical-hardware-threatens-power-traffic-control-systems.ars

seclists.org/fulldisclosure/2012/Apr/277

www.kb.cert.org/vuls/id/889195

www.ruggedcom.com/productbulletin/ros-security-page/

www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-116-01A.pdf

www.wired.com/threatlevel/2012/04/ruggedcom-backdoor/

exchange.xforce.ibmcloud.com/vulnerabilities/75244

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

0.013

Percentile

85.8%

JSON

Related for CVE-2012-2441