CVE-2012-4698

Опубликовано: 23 дек. 2012

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations.

Ссылки

http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A
http://www.ruggedcom.com/productbulletin/ros-security-page/
Vendor Advisory
http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01.pdf
US Government Resource
https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf
Vendor Advisory
http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A
http://www.ruggedcom.com/productbulletin/ros-security-page/
Vendor Advisory
http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01.pdf
US Government Resource
https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:siemens:ros:*:*:*:*:*:*:*:*

Версия до 3.11.0 (включая)

Конфигурация 2

cpe:2.3:o:siemens:rox_i_os:*:*:*:*:*:*:*:*

Версия до 1.14.5 (включая)

Конфигурация 3

cpe:2.3:o:siemens:rox_ii_os:*:*:*:*:*:*:*:*

Версия до 2.3.0 (включая)

Конфигурация 4

cpe:2.3:o:siemens:ruggedmax_os:*:*:*:*:*:*:*:*

Версия до 4.2.1.4621.22 (включая)

EPSS

Процентиль: 65%

0.00484

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-gxfj-phf9-56vw

github

больше 3 лет назад