CVE-2012-1803
RuggedCom Devices - Backdoor Access
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session.
El Sistema operativo RuggedCom Rugged (ROS) antes de v3.10.x tiene una cuenta de fábrica con una contraseña se deriva del campo de direcciones MAC que se muestra en el banner, lo que hace que sea más fácil obtener acceso a los atacantes remotos mediante la realización de un cálculo de este valor de la dirección MAC, para , a continuación, crear una sesión de (1) telnet, (2) shell remoto (también conocido como rsh), o (3) consola por puerto serie.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-03-21 CVE Reserved
- 2012-04-24 CVE Published
- 2012-04-24 First Exploit
- 2024-08-06 CVE Updated
- 2024-10-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (13)
URL | Tag | Source |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2012-04/0186.html | Broken Link | |
http://arstechnica.com/business/news/2012/04/backdoor-in-mission-critical-hardware-threatens-power-traffic-control-systems.ars | Third Party Advisory | |
http://ics-cert.us-cert.gov/advisories/ICSA-12-146-01A | Third Party Advisory | |
http://www.kb.cert.org/vuls/id/889195 | Third Party Advisory | |
http://www.kb.cert.org/vuls/id/MAPG-8RCPEN | Third Party Advisory | |
http://www.securityfocus.com/bid/53215 | Third Party Advisory | |
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-116-01A.pdf | Broken Link | |
http://www.wired.com/threatlevel/2012/04/ruggedcom-backdoor | Third Party Advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/75120 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/18779 | 2012-04-24 | |
http://seclists.org/fulldisclosure/2012/Apr/277 | 2024-08-06 | |
http://www.exploit-db.com/exploits/18779 | 2024-08-06 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.ruggedcom.com/productbulletin/ros-security-page | 2022-02-01 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Siemens Search vendor "Siemens" | Ruggedcom Rugged Operating System Search vendor "Siemens" for product "Ruggedcom Rugged Operating System" | >= 3.2.0 <= 3.10.1 Search vendor "Siemens" for product "Ruggedcom Rugged Operating System" and version " >= 3.2.0 <= 3.10.1" | - |
Affected
|