RuggedCom Rugged Operating System Multiple Security Vulnerabilities
PVS ID: 8027 FAMILY: SCADA RISK: MEDIUM NESSUS ID: 70351
Description: Synopsis:

The remote host is running a vulnerable version of the RuggedCom Rugged Operating System.

RuggedCom is a company that specializes in building durable devices that are often deployed in harsh conditions. Given this, RuggedCom devices are typically found within ICS/SCADA networks. Versions of the Rugged Operating System prior to 3.12.2 are known to have the following security-related vulnerabilities:

 - A security bypass in the web interface that may allow unauthorized/unprivileged users to modify system alarms.

 - The 'weak password' alarm does not properly notify the user when a weak password is configured, which could make brute forcing easier for an attacker.

 - Auto-generated SSH/SSL credentials may overwrite user-installed credentials in certain situations.

 - Several other bugs exist related to default guest and operator accounts, as well as system time discrepancies.

For your information, the detected version of RuggedCom Rugged Operating System was: %L

Solution: The vendor has released an update. Update to Rugged Operating System version 3.12.2 or later, and ensure that access to this server is restricted to only trusted hosts/networks.

CVE: Not available


Copyright Tenable Network Security Inc. 2013