RuggedCom Rugged Operating System < 3.12.2 Multiple Security Vulnerabilities

High

Synopsis

The remote host is running a vulnerable version of the RuggedCom Rugged Operating System (ROS).

Description

RuggedCom is a company specializing in building durable devices which are often deployed in harsh conditions. Given this, RuggedCom devices are oftentimes found within ICS/SCADA networks. Versions of the ROS prior to 3.12.2 are known to have the following security-related vulnerabilities:

-The integrated web server (port 443/tcp) of the affected device might allow attackers to guess the session id of an active web session and hijack it.

-The integrated web server (port 443/tcp) of the affected device might allow attackers with unprivileged accounts (guest or operator) to perform limited administrative operations over the network.

- A security bypass in the web interface might allow unauthorized/unprivileged users to modify system alarms.

- The 'weak password' alarm does not properly notify the user in the event a weak password is configured, which could lead to easier brute forcing by an attacker.

- Auto-generated SSH/SSL credentials might overwrite user-installed credentials in certain situations.

- Several other bugs exist related to default guest and operator accounts, as well as system time discrepancies.

Solution

The vendor has released an update. Update to ROS version 3.12.2 or later, and ensure that access to this server is restricted to only trusted hosts/networks.