RuggedCom RuggedOS (ROS) Default 'factory' Account Backdoor

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote network device has a hard-coded user account with
predictable credentials.

Description :

The remote device is running RuggedOS. Using the user name 'factory'
and a password derived from the MAC address of the device (which is
present in the telnet login banner), Nessus was able to successfully
log into the device via a built-in backdoor account.

See also :

http://seclists.org/fulldisclosure/2012/Apr/277
http://www.ruggedcom.com/productbulletin/ros-security-page/

Solution :

Upgrade to the latest RuggedOS firmware version per the vendor's
advisory.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 58991 ()

Bugtraq ID: 53215

CVE ID: CVE-2012-1803