CVE-2012-1803

Published: 28/04/2012 Updated: 01/02/2022
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
VMScore: 855
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

RuggedCom Rugged Operating System (ROS) 3.10.x and previous versions have a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote malicious users to obtain access by performing a calculation on this address value and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session.

Vulnerable Product

siemens ruggedcom rugged operating system

Exploits

Title: Undocumented Backdoor Access to RuggedCom Devices
Author: jc
Organization: JC CREW
Date: April 23, 2012
CVE: CVE-2012-1803
Background: RuggedCom is one of a handful of networking vendors who capitalize on the market for "Industrial Strength" and "Hardened" networking equipment. You'll find their gear installed in traffic control systems, ra ...
An undocumented backdoor account exists within all released versions of RuggedCom's Rugged Operating System (ROS®). The username for the account, which cannot be disabled, is "factory" and its password is dynamically generated based on the device's MAC address. Multiple attempts have been made in the past 12 months to have this backdoor removed an ...