PT-2023-9248 · Siemens · Ruggedcom Rst2228

Thomas Riedmaier · Published 2023-12-29 · Updated 2024-07-09 · CVE-2023-52238

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
RUGGEDCOM RST2228 versions prior to V5.9.0
RUGGEDCOM RST2228P versions prior to V5.9.0

Description: A vulnerability has been identified in the web server of the affected systems, which leaks the MACSEC key in clear text to a logged-in user. This could allow an attacker with low-privileged user credentials to retrieve the MACSEC key and decrypt the Ethernet frames exchanged between authorized recipients. The issue stems from inadequate access control in the Ethernet Frame Handler component of the RUGGEDCOM Ethernet switch firmware, which may enable a remote attacker to gain unauthorized access to protected information.

Recommendations:
For RUGGEDCOM RST2228 versions prior to V5.9.0, update to version V5.9.0 or later to resolve the issue.
For RUGGEDCOM RST2228P versions prior to V5.9.0, update to version V5.9.0 or later to resolve the issue.
As a temporary workaround, consider restricting access to the web server of the affected systems to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2024-05701
CVE-2023-52238

Affected Products

Ruggedcom Rst2228