Rugged Operating System Backdoor Unauthorized Access Vulnerability

Bugtraq ID:	53215
Class:	Design Error
CVE:	CVE-2012-1803
Remote:	Yes
Local:	No
Published:	Apr 24 2012 12:00AM
Updated:	Jun 18 2012 09:30PM
Credit:	Justin W. Clarke
Vulnerable:	RuggedCom Rugged Operating System 3.9.1 RuggedCom Rugged Operating System 3.3 RuggedCom Rugged Operating System 3.2
Not Vulnerable:	RuggedCom Rugged Operating System 3.10.1

Rugged Operating System Backdoor Unauthorized Access Vulnerability

Rugged Operating System is prone to an unauthorized-access vulnerability due to a backdoor in all versions of the application.

Attackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks.

Rugged Operating System Backdoor Unauthorized Access Vulnerability

An attacker can use readily available tools to exploit this issue.

Rugged Operating System Backdoor Unauthorized Access Vulnerability

Solution:
Updates are available. Please see the references for more information.

Rugged Operating System Backdoor Unauthorized Access Vulnerability

References:

• RuggedCom Homepage (RuggedCom)
  
• RuggedCom - Backdoor Accounts in my SCADA network? You don't say... (jc)
  
• ICS-ALERT-12-116-01�??RUGGEDCOM WEAK CRYPTOGRAPHY FOR PASSWORD VULNERABILITY (ICS-CERT)
  
• ICSA-12-146-01�??RUGGEDCOM WEAK CRYPTOGRAPHY FOR PASSWORD VULNERABILITY (CERT)
  
• RuggedCom Rugged Operating System (ROS) contains a hard-coded user account with (US-CERT)