RuggedCom Weak Cryptography for Password Vulnerability
Act Now | ICS-CERT ICSA-12-146-01A | Feb 26, 2012
Summary
RuggedCom ROS uses weak cryptographic methods to protect passwords stored in device configuration files. An attacker who obtains a configuration file can decrypt passwords offline and gain administrative access to the network device. This affects ROS version 3.2.x and all 3.3.x versions. No vendor fix is planned; mitigations focus on preventing unauthorized access to configuration files and restricting administrative access to the device.
What this means
What could happen
An attacker who obtains the RuggedCom device configuration file could decrypt passwords and gain unauthorized access to the device, allowing them to modify network routing, disable security features, or disrupt communications in your industrial network.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators using Siemens RuggedCom ROS industrial network devices (versions 3.2.x and 3.3.x) that rely on these switches and routers to segment and manage SCADA/ICS network traffic.
How it could be exploited
An attacker must obtain a copy of the RuggedCom ROS configuration file (typically via network access, physical theft, or misconfiguration exposure). Once obtained, the weak cryptographic method used to protect passwords can be reversed offline to recover cleartext credentials. The attacker can then use those credentials to log in to the ROS device and modify settings.
Prerequisites
- Access to device configuration file (via network exposure, physical access, or backup compromise)
- ROS version 3.2.x or 3.3.x or later deployed
High EPSS score (63.5%) | No patch available | Weak password cryptography | Affects industrial network infrastructure
Exploitability
High exploit probability (EPSS 63.5%)
Affected products (2)
2 pending
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| ROS: <=3.2.x | ≤ 3.2.x | No fix yet |
| ROS: >=3.3.x | ≥ 3.3.x | No fix yet |
Remediation & Mitigation
Do now
- HARDENING: Implement strict access controls and firewalling to limit who can reach RuggedCom ROS devices on your network; restrict to engineering workstations only
- HARDENING: Protect configuration backups with strong encryption and restrict access to authorized personnel only
- HARDENING: Audit all RuggedCom ROS devices for exposed or publicly accessible configuration files
- WORKAROUND: Change all ROS device passwords to strong, unique values immediately
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Monitor device access logs for unauthorized login attempts
CVEs (1)