Justin W. Clarke

**Name of the Vulnerable Software and Affected Versions** Siemens RuggedCom Rugged Operating System (ROS) versions prior to 3.12 ROX I OS versions prior to 1.14.6 ROX II OS versions prior to 2.3.1 RuggedMax OS versions prior to 4.2.1.4621.23 **Description** The issue allows man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging hardcoded private keys for SSL and SSH communication. These keys are available within ROS files at all customer installations. **Recommendations** For Siemens RuggedCom Rugged Operating System (ROS) versions prior to 3.12, update to version 3.12 or later. For ROX I OS versions prior to 1.14.6, update to version 1.14.6 or later. For ROX II OS versions prior to 2.3.1, update to version 2.3.1 or later. For RuggedMax OS versions prior to 4.2.1.4621.23, update to version 4.2.1.4621.23 or later.

**Name of the Vulnerable Software and Affected Versions** RuggedCom Rugged Operating System (ROS) versions 3.10.x and earlier **Description** The issue allows remote attackers to obtain access by calculating a password derived from the MAC Address field in the banner, and then establishing a session via TELNET, remote shell (rsh), or serial-console. **Recommendations** For versions 3.10.x and earlier, consider disabling remote access via TELNET, rsh, and serial-console until a fix is available. Restrict access to the factory account to minimize the risk of exploitation.