RuggedCom RuggedOS Known Hardcoded SSL RSA Private Key

Severity: Medium | Nessus Plugin ID 62566

Synopsis

The remote device is using a known hardcoded SSL RSA key.

Description

The remote RuggedCom RuggedOS (ROS) device is using a known hardcoded SSL RSA private key. An attacker may use this key to decrypt intercepted traffic between users and the device's web interface.

Credit: Justin W Clarke, for his help in developing this plugin.

Solution

Upgrade to RuggedCom RuggedOS 3.12 or later.

As a workaround, disable HTTPS access on the device.

See Also

http://www.cylance.com/Ruggedcom.html

https://w3.siemens.com/mcms/industrial-communication/en/rugged-communication/Pages/ruggedcom.aspx

Plugin Details

Severity: Medium

ID: 62566

File Name: scada_ruggedos_known_ssl_private_key.nbin

Version: 1.185

Type: remote

Family: General

Published: 10/16/2012

Updated: 3/19/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2012-4698

Vulnerability Information

CPE: cpe:/o:siemens:ruggedcom_rugged_operating_system

Required KB Items: SSL/Supported

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/7/2012

Vulnerability Publication Date: 8/21/2012

Reference Information

CVE: CVE-2012-4698

BID: 55123

ICS-ALERT: 12-234-01, 12-234-01A

ICSA: 12-354-01A