5 vulnerabilities found for ros by siemens
VAR-201212-0036
Vulnerability from variot - Updated: 2023-12-18 14:02
Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations. Because multiple Siemens products use a hard-coded private key, the server can be impersonated and network traffic can be decrypted. A man-in-the-middle attacker who uses the private key contained in the ROS files installed in the user's environment can spoof the server and decrypt network traffic. According to the report, SSL keys can be extracted from ROS binary files using publicly available software. RuggedCom Inc is the world's leading manufacturer of high-performance network and communications equipment for industrial environments. The Rugged Operating System has a hard-coded RSA private key for SSL/TLS communication. PoC code for this vulnerability has been released by Justin W. Clarke of Cylance Inc. According to a report, this vulnerability can be used to decrypt SSL communication between end users and RuggedCom network devices. Rugged Operating System is prone to an information-disclosure vulnerability. The vulnerability exists in Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS before 1.14.5, ROX II OS before 2.3.0, and RuggedMax OS before 4.2.1.4621.22. (Note: the aggregated sources disagree on the upper bound. The first sentence says "through" for ROX I OS, ROX II OS and RuggedMax OS, while this one says "before"; confirm the affected versions against the vendor advisory SSA-622607.)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201212-0036",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ruggedmax os",
"scope": "lte",
"trust": 1.8,
"vendor": "siemens",
"version": "4.2.1.4621.22"
},
{
"model": "rox i os",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.14.5"
},
{
"model": "rox ii os",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.0"
},
{
"model": "ros",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.11.0"
},
{
"model": "ruggedcom rugged operating system",
"scope": "lte",
"trust": 0.8,
"vendor": "siemens",
"version": "3.11"
},
{
"model": "ruggedcom rugged operating system on linux i",
"scope": "lte",
"trust": 0.8,
"vendor": "siemens",
"version": "1.14.5"
},
{
"model": "ruggedcom rugged operating system on linux ii",
"scope": "lte",
"trust": 0.8,
"vendor": "siemens",
"version": "2.3.0"
},
{
"model": "ruggedcom rugged operating system",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "3.12"
},
{
"model": "rox i os",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "1.14.5"
},
{
"model": "rox ii os",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "2.3.0"
},
{
"model": "ruggedmax os",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "4.2.1.4621.22"
},
{
"model": "rugged operating system",
"scope": null,
"trust": 0.6,
"vendor": "ruggedcom",
"version": null
},
{
"model": "ruggedmax os",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "4.2.1.4621.22"
},
{
"model": "rox ii os",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2.3.0"
},
{
"model": "rox i os",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "1.14.5"
},
{
"model": "ros",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.11.0"
},
{
"model": "rugged operating system",
"scope": "eq",
"trust": 0.3,
"vendor": "ruggedcom",
"version": "3.10.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-9303"
},
{
"db": "CNVD",
"id": "CNVD-2012-4389"
},
{
"db": "BID",
"id": "55123"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005789"
},
{
"db": "NVD",
"id": "CVE-2012-4698"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-325"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ros:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.11.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:rox_i_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.14.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:rox_ii_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedmax_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.2.1.4621.22",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4698"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Justin W. Clarke",
"sources": [
{
"db": "BID",
"id": "55123"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-385"
}
],
"trust": 0.9
},
"cve": "CVE-2012-4698",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-4698",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-57979",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-4698",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201212-325",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-57979",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57979"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005789"
},
{
"db": "NVD",
"id": "CVE-2012-4698"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-325"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations. plural Siemens Since the product uses a hard-coded private key, there are vulnerabilities that allow the server to be impersonated and network traffic to be decrypted.Man-in-the-middle attacks (man-in-the-middle attack) Is installed in the user\u0027s environment ROS By using the private key in the file, the server can be spoofed and network traffic can be decrypted. According to the report, SSL keys can be extracted from ROS binary files using publicly available software. RuggedCom Inc is the world\u0027s leading manufacturer of high-performance network and communications equipment for industrial environments. The Rugged operating system has a hard-coded RSA private key for SSL / TLS communication. The POC code for this vulnerability has been released by Justin W. Clarke of Cylance Inc. According to a report, this vulnerability can be used for SSL between end users and RuggedCom network devices The communication is decrypted. Rugged Operating System is prone to an information-disclosure vulnerability. There is a vulnerability in Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS before 1.14.5, ROX II OS before 2.3.0, and RuggedMax OS before 4.2.1.4621.22",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4698"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005789"
},
{
"db": "CNVD",
"id": "CNVD-2012-9303"
},
{
"db": "CNVD",
"id": "CNVD-2012-4389"
},
{
"db": "BID",
"id": "55123"
},
{
"db": "VULHUB",
"id": "VHN-57979"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4698",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-12-354-01",
"trust": 3.1
},
{
"db": "SIEMENS",
"id": "SSA-622607",
"trust": 1.7
},
{
"db": "BID",
"id": "55123",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-354-01A",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005789",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201212-325",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2012-9303",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2012-4389",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201208-385",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-57979",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-9303"
},
{
"db": "CNVD",
"id": "CNVD-2012-4389"
},
{
"db": "VULHUB",
"id": "VHN-57979"
},
{
"db": "BID",
"id": "55123"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005789"
},
{
"db": "NVD",
"id": "CVE-2012-4698"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-385"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-325"
}
]
},
"id": "VAR-201212-0036",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-9303"
},
{
"db": "CNVD",
"id": "CNVD-2012-4389"
},
{
"db": "VULHUB",
"id": "VHN-57979"
}
],
"trust": 1.9416781916666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-9303"
},
{
"db": "CNVD",
"id": "CNVD-2012-4389"
}
]
},
"last_update_date": "2023-12-18T14:02:06.591000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RuggedCom Security Updates",
"trust": 0.8,
"url": "http://www.ruggedcom.com/productbulletin/ros-security-page/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/cc/en/"
},
{
"title": "SSA-622607: RuggedCom Private Key Vulnerabilities for HTTPS/SSL and SSH",
"trust": 0.8,
"url": "https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/answers/jp/ja/"
},
{
"title": "Patch for Rugged Operating System Hardcoded Private Key Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/26800"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-9303"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005789"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57979"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005789"
},
{
"db": "NVD",
"id": "CVE-2012-4698"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-354-01.pdf"
},
{
"trust": 1.7,
"url": "http://www.ruggedcom.com/productbulletin/ros-security-page/"
},
{
"trust": 1.7,
"url": "https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf"
},
{
"trust": 1.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-12-354-01a"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4698"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4698"
},
{
"trust": 0.6,
"url": "http://isc.sans.edu/diary.html?storyid=13948http"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/55123"
},
{
"trust": 0.3,
"url": "http://www.ruggedcom.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-9303"
},
{
"db": "CNVD",
"id": "CNVD-2012-4389"
},
{
"db": "VULHUB",
"id": "VHN-57979"
},
{
"db": "BID",
"id": "55123"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005789"
},
{
"db": "NVD",
"id": "CVE-2012-4698"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-385"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-325"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2012-9303"
},
{
"db": "CNVD",
"id": "CNVD-2012-4389"
},
{
"db": "VULHUB",
"id": "VHN-57979"
},
{
"db": "BID",
"id": "55123"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005789"
},
{
"db": "NVD",
"id": "CVE-2012-4698"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-385"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-325"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-12-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-9303"
},
{
"date": "2012-08-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-4389"
},
{
"date": "2012-12-23T00:00:00",
"db": "VULHUB",
"id": "VHN-57979"
},
{
"date": "2012-08-21T00:00:00",
"db": "BID",
"id": "55123"
},
{
"date": "2012-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005789"
},
{
"date": "2012-12-23T21:55:01.437000",
"db": "NVD",
"id": "CVE-2012-4698"
},
{
"date": "2012-08-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-385"
},
{
"date": "2012-12-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201212-325"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-12-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-9303"
},
{
"date": "2012-08-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-4389"
},
{
"date": "2013-05-21T00:00:00",
"db": "VULHUB",
"id": "VHN-57979"
},
{
"date": "2013-04-29T20:51:00",
"db": "BID",
"id": "55123"
},
{
"date": "2012-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005789"
},
{
"date": "2013-05-21T03:20:36.340000",
"db": "NVD",
"id": "CVE-2012-4698"
},
{
"date": "2012-08-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-385"
},
{
"date": "2012-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201212-325"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201208-385"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-325"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rugged operating system private key disclosure vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-4389"
},
{
"db": "BID",
"id": "55123"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-385"
}
],
"trust": 1.5
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201208-385"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-325"
}
],
"trust": 1.2
}
}
VAR-201509-0323
Vulnerability from variot - Updated: 2023-12-18 12:06
Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic. Supplementary information: the vulnerability type has been identified as CWE-284: Improper Access Control. RuggedCom Inc. is the world's leading manufacturer of high performance networking and communications equipment for industrial environments. Siemens Ruggedcom ROS products are prone to a security bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. Siemens RuggedCom ROS is an operating system used in RuggedCom series switches by Siemens of Germany.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0323",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ruggedcom rugged operating system",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "3.8.0"
},
{
"model": "ruggedcom rugged operating system",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "4.0.0"
},
{
"model": "ruggedcom rugged operating system",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "4.1.0"
},
{
"model": "ruggedcom rugged operating system",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "3.8.0 to 4.1.x"
},
{
"model": "ros",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.8.0"
},
{
"model": "ros",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "4.2.0"
},
{
"model": "ruggedcom ros",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.8"
},
{
"model": "ruggedcom ros",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.1.0"
},
{
"model": "ruggedcom ros",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.2.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ruggedcom rugged operating system",
"version": "3.8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ruggedcom rugged operating system",
"version": "4.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ruggedcom rugged operating system",
"version": "4.1.0"
}
],
"sources": [
{
"db": "IVD",
"id": "76a42e28-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05885"
},
{
"db": "BID",
"id": "76546"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004683"
},
{
"db": "NVD",
"id": "CVE-2015-6675"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-147"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:4.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6675"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stephen Craven of the Tennessee Valley Authority",
"sources": [
{
"db": "BID",
"id": "76546"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6675",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-6675",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CNVD-2015-05885",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "76a42e28-2351-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-84636",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-6675",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-05885",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-147",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "76a42e28-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84636",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "76a42e28-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05885"
},
{
"db": "VULHUB",
"id": "VHN-84636"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004683"
},
{
"db": "NVD",
"id": "CVE-2015-6675"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-147"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. RuggedCom Inc. is the world\u0027s leading manufacturer of high performance networking and communications equipment for industrial environments. Siemens Ruggedcom ROS products are prone to a security bypass vulnerability. \nAn attacker can exploit this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. Siemens RuggedCom ROS is a set of operating system used in RuggedCom series switches by Siemens of Germany",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6675"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004683"
},
{
"db": "CNVD",
"id": "CNVD-2015-05885"
},
{
"db": "BID",
"id": "76546"
},
{
"db": "IVD",
"id": "76a42e28-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-84636"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6675",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-244-01",
"trust": 2.8
},
{
"db": "SIEMENS",
"id": "SSA-720081",
"trust": 2.3
},
{
"db": "SECTRACK",
"id": "1033478",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201509-147",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-05885",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004683",
"trust": 0.8
},
{
"db": "BID",
"id": "76546",
"trust": 0.4
},
{
"db": "IVD",
"id": "76A42E28-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-89489",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-84636",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "76a42e28-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05885"
},
{
"db": "VULHUB",
"id": "VHN-84636"
},
{
"db": "BID",
"id": "76546"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004683"
},
{
"db": "NVD",
"id": "CVE-2015-6675"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-147"
}
]
},
"id": "VAR-201509-0323",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "76a42e28-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05885"
},
{
"db": "VULHUB",
"id": "VHN-84636"
}
],
"trust": 1.4062636433333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "76a42e28-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05885"
}
]
},
"last_update_date": "2023-12-18T12:06:54.411000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-720081",
"trust": 0.8,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-720081.pdf"
},
{
"title": "Siemens Rugged Operating System (ROS) default IP forwarding feature VLAN bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/63665"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05885"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004683"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84636"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004683"
},
{
"db": "NVD",
"id": "CVE-2015-6675"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-244-01"
},
{
"trust": 2.3,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-720081.pdf"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033478"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6675"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6675"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05885"
},
{
"db": "VULHUB",
"id": "VHN-84636"
},
{
"db": "BID",
"id": "76546"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004683"
},
{
"db": "NVD",
"id": "CVE-2015-6675"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-147"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "76a42e28-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05885"
},
{
"db": "VULHUB",
"id": "VHN-84636"
},
{
"db": "BID",
"id": "76546"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004683"
},
{
"db": "NVD",
"id": "CVE-2015-6675"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-147"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-09T00:00:00",
"db": "IVD",
"id": "76a42e28-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-09-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05885"
},
{
"date": "2015-09-11T00:00:00",
"db": "VULHUB",
"id": "VHN-84636"
},
{
"date": "2015-09-01T00:00:00",
"db": "BID",
"id": "76546"
},
{
"date": "2015-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004683"
},
{
"date": "2015-09-11T16:59:11.660000",
"db": "NVD",
"id": "CVE-2015-6675"
},
{
"date": "2015-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-147"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05885"
},
{
"date": "2016-12-22T00:00:00",
"db": "VULHUB",
"id": "VHN-84636"
},
{
"date": "2015-09-01T00:00:00",
"db": "BID",
"id": "76546"
},
{
"date": "2015-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004683"
},
{
"date": "2016-12-22T03:00:14.683000",
"db": "NVD",
"id": "CVE-2015-6675"
},
{
"date": "2015-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-147"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-147"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in Siemens RUGGEDCOM ROS that allows bypassing VLAN isolation protection mechanisms",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004683"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "76546"
}
],
"trust": 0.3
}
}
FKIE_CVE-2012-4698
Vulnerability from fkie_nvd - Published: 2012-12-23 21:55 - Updated: 2025-04-11 00:51
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44D6C891-CAB1-498D-B68E-84EF210EB39D",
"versionEndIncluding": "3.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:rox_i_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEFF857C-7B35-4E33-AC5A-FE8DDEEC13A4",
"versionEndIncluding": "1.14.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:rox_ii_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7537182F-7500-4FBF-87AB-5617D660676F",
"versionEndIncluding": "2.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedmax_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9001274A-0A68-4D69-ACEE-A7EDEC408AA8",
"versionEndIncluding": "4.2.1.4621.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations."
},
{
"lang": "es",
"value": "Siemens Ruggedcom Rugged Operating System (ROS) antes de v3.12, ROX I OS hasta v1.14.5, ROX II OS hasta v2.3.0 y RuggedMax OS hasta v4.2.1.4621.22 usa claves privadas para comunicaciones SSL y SSH escritas en c\u00f3digo, lo que hace que sea m\u00e1s f\u00e1cil para atacantes man-in-the-middle el crear servidores falsos y descifrar el tr\u00e1fico de red aprovech\u00e1ndose de la disponibilidad de estas claves dentro de los archivos de ROS en todas las instalaciones de los clientes.\r\n"
}
],
"id": "CVE-2012-4698",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-23T21:55:01.437",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ruggedcom.com/productbulletin/ros-security-page/"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ruggedcom.com/productbulletin/ros-security-page/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2012-4698 (GCVE-0-2012-4698)
Vulnerability from cvelistv5 – Published: 2012-12-23 21:00 – Updated: 2024-08-06 20:42- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:55.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ruggedcom.com/productbulletin/ros-security-page/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-21T09:00:00",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ruggedcom.com/productbulletin/ros-security-page/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-4698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01.pdf"
},
{
"name": "http://www.ruggedcom.com/productbulletin/ros-security-page/",
"refsource": "CONFIRM",
"url": "http://www.ruggedcom.com/productbulletin/ros-security-page/"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A"
},
{
"name": "https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf",
"refsource": "CONFIRM",
"url": "https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-4698",
"datePublished": "2012-12-23T21:00:00",
"dateReserved": "2012-08-28T00:00:00",
"dateUpdated": "2024-08-06T20:42:55.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4698 (GCVE-0-2012-4698)
Vulnerability from nvd – Published: 2012-12-23 21:00 – Updated: 2024-08-06 20:42- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:55.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ruggedcom.com/productbulletin/ros-security-page/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-21T09:00:00",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ruggedcom.com/productbulletin/ros-security-page/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-4698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01.pdf"
},
{
"name": "http://www.ruggedcom.com/productbulletin/ros-security-page/",
"refsource": "CONFIRM",
"url": "http://www.ruggedcom.com/productbulletin/ros-security-page/"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A"
},
{
"name": "https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf",
"refsource": "CONFIRM",
"url": "https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-4698",
"datePublished": "2012-12-23T21:00:00",
"dateReserved": "2012-08-28T00:00:00",
"dateUpdated": "2024-08-06T20:42:55.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}