CVE-2012-1803
Published 2012-04-28
Priority P2 (73) · high · 8.5 (CVSS 2.0)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
EXPLOIT
EPSS 49.11% (98.7th percentile)
RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | ruggedcom_rugged_operating_system | < 3.3.0 | 3.3.0 |
| siemens | ruggedcom_rugged_operating_system | 3.2.0 – 3.10.1 | — |
Detection & IOCs (extracted from sources)
- Use Nessus plugin ID 58991 to actively check for the CVE-2012-1803 RuggedOS backdoor account.
- The backdoor password is derived from the device MAC address using the formula: reverse MAC bytes + '0000', convert hex to decimal, modulo 999999929. Monitor for scripted password generation attempts correlated with MAC address enumeration.
- ICS-CERT confirmed that public exploits no longer work on patched firmware v3.10.1; flag any ROS devices running versions 3.2.x and earlier or unpatched 3.3.x as vulnerable.
- The Metasploit auxiliary module scanner/telnet/telnet_ruggedcom can be used to validate exposure; detect its use in network traffic as an attacker indicator.
- The factory backdoor account cannot be disabled in affected ROS versions; the only remediation is a firmware upgrade to version 3.10.1, 3.9.3, 3.8.5, or 3.7.9, which remove the account entirely.
- Patched firmware removes the factory account and also removes device information from the standard login banner, which was previously used to derive the MAC-address-based password.
- A related but distinct vulnerability (CVE-2012-2441) also exists in ROS before 3.3, where a factory account password is derived from the MAC address banner; it is exploitable via SSH or HTTPS rather than Telnet.
GHSA
GHSA-38rw-qv5h-8xqf: RuggedCom Rugged Operating System (ROS) before 3
ghsa_unreviewed · 2022-05-13 · CVSS 8.5 · CVE-2012-2441 [HIGH] · CWE-521
RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803.
GHSA
GHSA-qgxr-qjc2-5hqj: RuggedCom Rugged Operating System (ROS) 3
ghsa_unreviewed · 2022-05-13 · CVE-2012-1803 [HIGH]
RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session.
CISA ICS
RuggedCom Weak Cryptography for Password Vulnerability (Update A)
cisa_ics · 2012-05-25
ICS Advisory · Alert Code ICSA-12-146-01A · Last Revised September 06, 2018
## Archived Content
In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
## Overview
--------- Begin Update A Part 1 of 2 --------
This is an update to the original advisory titled ICSA-12-146-01—RuggedCom Weak Cryptography for Password Vulnerability that was published May 25, 2012, on the ICS-CERT Web page. Independent researcher Justin W. Clarke identified a default backdoor user account [RuggedCom Backdoor Accounts, http://seclists.org/fulldisclosure/2012/Apr/277, Web site last accessed June 18, 2012.], US-CERT Vulnerability
No detection rules found.
Exploit-DB
Microsoft Windows 10 - Theme API 'ThemePack' File Parsing
exploitdb · 2020-01-29 · CVSS 8.1 · CVE-2018-8413 [HIGH]
---
# Exploit Title: Microsoft Windows 10 - Theme API 'ThemePack' File Parsing
# Google Dork: n/a
# Date: 2020-10-28
# Exploit Author: Eduardo Braun Prado
# Vendor Homepage: http://www.microsoft.com/
# Software Link: http://www.microsoft.com/
# Version: 10 v.1803 (17134.407)
# Tested on: Windows 7, 8.0, 8.1, 10, Server 2012, Server 2012 R2, Server 2016, Server 2019
# CVE : CVE-2018-8413
# Discovered by: Eduardo Braun Prado
[Details]
Microsoft 'themepack' files are classic '.theme' files compressed for sharing over the internet. Theme files allow users to customize visual aspects of their device, such as icons for known features like 'My computer' and 'trash bin' folders, the default screensaver (which by the way allowed attacke
Exploit-DB
RuggedCom Devices - Backdoor Access
exploitdb · 2012-04-24 · CVSS 8.5 · CVE-2012-2441 [HIGH]
---
Title: Undocumented Backdoor Access to RuggedCom Devices
Author: jc
Organization: JC CREW
Date: April 23, 2012
CVE: CVE-2012-1803
Background:
RuggedCom is one of a handful of networking vendors who capitalize on the market for "Industrial Strength" and "Hardened" networking equipment. You'll find their gear installed in traffic control systems, railroad communications systems, power plants, electrical substations, and even US military sites. Beyond simple L2 and L3 networking these devices are also used for serial-to-IP conversion in SCADA systems and they even support Modbus and DNP3. RuggedCom published a handy guide to some of their larger customers at www.ruggedcom.com/about/customers/. My favorite quote is from a contractor who installed Rug
Metasploit
RuggedCom Telnet Password Generator
metasploit
This module will calculate the password for the hard-coded hidden username "factory" in the RuggedCom Rugged Operating System (ROS). The password is dynamically generated based on the device's MAC address.
Unit42
Threat Brief: Microsoft DNS Server Wormable Vulnerability CVE-2020-1350
blogs_unit42 · 2020-07-21 · CVSS 10.0 · CVE-2020-1350 [CRITICAL]
## Executive Summary
In July 2020, Microsoft released a security update, CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability, for a new remote code execution (RCE) vulnerability.
This vulnerability exists within the Microsoft Windows Domain Name System (DNS) Server due to the improper handling of certain types of requests, specifically over port 53/TCP. Exploitation of this vulnerability is possible by creating an integer overflow, potentially leading to remote code execution.
This vulnerability only affects Windows DNS and the following builds of the Microsoft Windows operating system (OS):
- Windows Server 2008/2008 R2
- Windows Server 2012/2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server version 1803/1903/1909/2004 (Server Core installation)
Tenable
Are you sure you don’t have a control system on your network?
blogs_tenable · 2013-07-22
Ron Gula · July 22, 2013 · 7 Min Read
This blog entry describes many of the recent advances Tenable has made with active and passive detection of supervisory control and data acquisition (SCADA) and industrial control system (ICS) devices on networks.
There has been a dramatic increase in devices and applications that control power, industrial processes, and even our homes. With almost 600 public SCADA vulnerabilities, 214 of them disclosed in 2012, Tenable has kept pace with these advances by developing new forms of detection for Nessus and the Passive Vulnerability Scanner.
### A Short Review of Active and Passive ICS Discovery
Nessus finds SCADA and ICS devices through network scanning. It can discover
References
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0186.html
- http://arstechnica.com/business/news/2012/04/backdoor-in-mission-critical-hardware-threatens-power-traffic-control-systems.ars
- http://ics-cert.us-cert.gov/advisories/ICSA-12-146-01A
- http://seclists.org/fulldisclosure/2012/Apr/277
- http://www.exploit-db.com/exploits/18779
- http://www.kb.cert.org/vuls/id/889195
- http://www.kb.cert.org/vuls/id/MAPG-8RCPEN
- http://www.ruggedcom.com/productbulletin/ros-security-page/
- http://www.securityfocus.com/bid/53215
- http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-116-01A.pdf
- http://www.wired.com/threatlevel/2012/04/ruggedcom-backdoor/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75120
Published 2012-04-28