PT-2012-5557 · Siemens · ROX II OS +2
Justin W. Clarke · Published 2012-12-23 · Updated 2013-05-21 · CVE-2012-4698
CVSS v2.0: 4.3 Medium
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Siemens RuggedCom Rugged Operating System (ROS) versions prior to 3.12
ROX I OS versions prior to 1.14.6
ROX II OS versions prior to 2.3.1
RuggedMax OS versions prior to 4.2.1.4621.23
Description
The issue allows man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging hardcoded private keys for SSL and SSH communication. These keys are available within ROS files at all customer installations.
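Because the description says the same keys ship at every installation, one defender-side check is to look for SSH host keys that are not unique per device. The following is an added example, not part of the original advisory or any vendor tooling: it groups hosts by key fingerprint, and the hosts, key blobs and the `blob`, `fingerprint` and `shared_host_keys` names are constructed for illustration.

```python
import base64
import hashlib
from collections import defaultdict

def blob(label):
    # Constructed stand-in for a base64 public-key blob (not a real key).
    return base64.b64encode(label.encode()).decode()

# Constructed sample in "host keytype base64-key" form (ssh-keyscan style).
SAMPLE_SCAN = "\n".join([
    "# constructed inventory scan",
    f"192.0.2.10 ssh-rsa {blob('constructed-key-shared')}",
    f"192.0.2.11 ssh-rsa {blob('constructed-key-shared')}",
    f"192.0.2.12 ssh-rsa {blob('constructed-key-unique')}",
    "192.0.2.13 ssh-rsa not*base64",
])

def fingerprint(b64key):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    raw = base64.b64decode(b64key, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def shared_host_keys(scan_text):
    """Return ({(keytype, fingerprint): [hosts]}, [skipped line numbers])."""
    hosts_by_key = defaultdict(set)
    skipped = []
    for lineno, line in enumerate(scan_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        try:
            host, keytype, key = parts[:3]
            hosts_by_key[(keytype, fingerprint(key))].add(host)
        except ValueError:  # too few fields, or invalid base64
            skipped.append(lineno)
    # A key served by more than one device is not unique to that device.
    shared = {k: sorted(v) for k, v in hosts_by_key.items() if len(v) > 1}
    return shared, skipped

if __name__ == "__main__":
    shared, skipped = shared_host_keys(SAMPLE_SCAN)
    for (keytype, fp), hosts in shared.items():
        print(f"{keytype} {fp} shared by {', '.join(hosts)}")
    print("unparsed lines:", skipped)
```

A shared fingerprint only shows that devices present the same key; whether a device runs an affected version still has to be confirmed against the version list above.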
Recommendations
For Siemens RuggedCom Rugged Operating System (ROS) versions prior to 3.12, update to version 3.12 or later.
For ROX I OS versions prior to 1.14.6, update to version 1.14.6 or later.
For ROX II OS versions prior to 2.3.1, update to version 2.3.1 or later.
For RuggedMax OS versions prior to 4.2.1.4621.23, update to version 4.2.1.4621.23 or later.
Fix
Information Disclosure
Affected Products
ROX II OS
RuggedMax OS
Siemens RuggedCom Rugged Operating System