RuggedCom RuggedOS Default 'factory' Account Backdoor

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.

Synopsis :

The remote network device has a hard-coded user account with
predictable credentials.

Description :

The remote device is running RuggedCom RuggedOS (ROS). Using the user
name 'factory' and a password derived from the MAC address of the
device (which is present in the telnet login banner), Nessus was able
to successfully log into the device via a built-in backdoor account.

Solution :

Upgrade to the latest RuggedOS firmware version per the vendor's

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 58991

Bugtraq ID: 53215

CVE ID: CVE-2012-1803