CVE-2012-4698
Published 2012-12-23
CVE-2012-4698: Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use…
Priority P417 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS: 1.13% (62.5th percentile)
Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | ros | <= 3.11.0 | — |
| siemens | rox_i_os | <= 1.14.5 | — |
| siemens | rox_ii_os | <= 2.3.0 | — |
| siemens | ruggedmax_os | <= 4.2.1.4621.22 | — |
GHSA
GHSA-gxfj-phf9-56vw: Siemens RuggedCom Rugged Operating System (ROS) before 3
ghsa_unreviewed·2022-05-17
CVE-2012-4698 [MEDIUM] CWE-200 GHSA-gxfj-phf9-56vw: Siemens RuggedCom Rugged Operating System (ROS) before 3
CISA ICS
Ruggedcom ROS Hard-Coded RSA SSL Private Key (Update A)
cisa_ics·2012-12-18
ICS Advisory
Last Revised: September 06, 2018
Alert Code: ICSA-12-354-01A
## Overview
This Updated Advisory is a follow-up to the original advisory titled ICSA-12-354-01 RuggedCom ROS Hard-Coded RSA SSL Private Key that was published December 18, 2012, on the ICS-CERT Web page, as a follow-up to the original ICS-CERT alert ICS-ALERT-12-234-01 RuggedCom ROS Key Management Errors, which was released to the Web page on August 30, 2012.
Independent researcher Justin W. Clarke of Cylance Inc., has identified the use of hard-coded RSA SSL privat
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A
http://www.ruggedcom.com/productbulletin/ros-security-page/
http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01.pdf
https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf
Published: 2012-12-23