[Ics-security] Fwd: Medium-[ICS-CERT] ICS-ALERT-12-116-01 - RuggedCom Weak Cryptography for Password Vulnerability

Kelly Mahoney mahoney at jlab.org
Wed Apr 25 18:41:29 EDT 2012


FYI,
I do not know if we use the RuggedCom devices at JLab.   On a network 
scan, they would show up with the first six characters of the MAC 
address as:
00-13-D5 (Hex)
or
00-0A-DC (Hex)

This is ruggedized general network infrastructure equipment.
Industrial controls is one use, but there are many more.

Let me know if you find any.


Kelly M.




ICS-CERT has released the following Alert to inform critical infrastructure and key resource (CIKR) asset owners and operators of recent and ongoing activity concerning increased risk to CIKR assets, particularly Internet accessible control systems:

  ICS-ALERT-12-116-01 - RuggedCom Weak Cryptography for Password Vulnerability

  This Alert can be accessed at www.ics-cert.org or directly through the following links:

  http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-116-01.pdf

  Summary
  ICS-CERT is aware of a public report of a default backdoor user account with a password with trivial encoding. Proof-of-concept (PoC) exploit code affects RuggedCom RuggedSwitch and RuggedServer devices using Rugged Operating System (ROS). These network devices are used in a variety of network applications, including industrial control systems (ICS).
According to this report, the vulnerability is exploitable by generating a password from known data about the device. This report was discovered and released by independent security researcher Justin W. Clarke following an attempted but unsuccessful coordination with the vendor.
ICS-CERT is issuing this alert to provide notice of the public report and identify baseline mitigations for reducing risks to this cybersecurity risk.
The report included vulnerability details and PoC exploit code for the following vulnerability:
Vulnerability Type                 Exploitability   Impact
---------------------------------  ---------------  ---------------------------------------------
Weak cryptography for passwords    Remote           Complete administrative control of the device

Please report any issues affecting control systems in critical infrastructure environments to ICS-CERT.
CVE-2012-1803 has been assigned to this vulnerability. A CVSS v2 base score of 8.5 has been assigned.
For details, please see US-CERT’s vulnerability note:
http://www.kb.cert.org/vuls/id/889195, website last accessed on April 25, 2012.
ICS-CERT Operations Center
  1-877-776-7585
  www.ics-cert.org
  ics-cert at dhs.gov
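
The MAC-prefix check described at the top of this message, as an added example (not part of the original e-mail or the ICS-CERT alert): it normalises the MAC notations commonly seen in ARP tables and scan output and flags addresses whose first six hex digits are 00-13-D5 or 00-0A-DC. The function names and the sample lines are constructed for illustration.

```python
import re

# OUI prefixes quoted in the message above (first six hex digits of the MAC).
RUGGEDCOM_OUIS = {"0013D5", "000ADC"}
HEX = re.compile(r"[0-9A-Fa-f]+")

# (separator, group count, min digits, max digits) for each notation:
# 00:13:d5:.. / 0:a:dc:.. (BSD arp drops leading zeros), 00-13-D5-.., 0013.d5aa.bbcc
FORMATS = ((":", 6, 1, 2), ("-", 6, 1, 2), (".", 3, 4, 4))


def normalize_mac(token):
    """Return the MAC as 12 uppercase hex digits, or None if token is not a MAC."""
    token = token.strip("()[],;")
    for sep, count, lo, hi in FORMATS:
        parts = token.split(sep)
        if len(parts) == count and all(
            lo <= len(p) <= hi and HEX.fullmatch(p) for p in parts
        ):
            return "".join(p.zfill(hi) for p in parts).upper()
    return None


def find_ruggedcom(lines):
    """Return (mac, source line) for each address whose OUI is on the list."""
    hits = []
    for line in lines:
        for token in line.split():
            mac = normalize_mac(token)
            if mac and mac[:6] in RUGGEDCOM_OUIS:
                pretty = ":".join(mac[i:i + 2] for i in range(0, 12, 2))
                hits.append((pretty, line.strip()))
    return hits


# Constructed sample: ARP/scan lines in several vendors' formats, not real data.
SAMPLE_SCAN = """\
? (192.0.2.10) at 00:13:d5:01:02:03 [ether] on eth0
? (192.0.2.11) at 0:a:dc:4:5:6 on en0 ifscope [ethernet]
Internet  192.0.2.12   5   000a.dcaa.bbcc  ARPA  Vlan10
  192.0.2.13           00-1b-21-aa-bb-cc     dynamic
MAC Address: 00:13:D6:11:22:33 (near miss, different OUI)
""".splitlines()

if __name__ == "__main__":
    for mac, line in find_ruggedcom(SAMPLE_SCAN):
        print(f"{mac}  <-  {line}")
```

MAC addresses are only visible from the same layer-2 segment or from the ARP/MAC tables of the switches and routers serving it, so the input should be collected per subnet.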

