ID

VAR-201212-0036


CVE

CVE-2012-4698


TITLE

Rugged operating system private key disclosure vulnerability

Trust: 1.5

sources: CNVD: CNVD-2012-4389 // BID: 55123 // CNNVD: CNNVD-201208-385

DESCRIPTION

Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations. Because multiple Siemens products use a hard-coded private key, there are vulnerabilities that allow the server to be impersonated and network traffic to be decrypted. A man-in-the-middle attacker can use the private key in the ROS files installed in the user's environment to spoof the server and decrypt network traffic. According to the report, SSL keys can be extracted from ROS binary files using publicly available software. RuggedCom Inc is the world's leading manufacturer of high-performance network and communications equipment for industrial environments. The Rugged operating system has a hard-coded RSA private key for SSL/TLS communication. The POC code for this vulnerability has been released by Justin W. Clarke of Cylance Inc. According to a report, this vulnerability can be used to decrypt SSL communication between end users and RuggedCom network devices. Rugged Operating System is prone to an information-disclosure vulnerability. There is a vulnerability in Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS before 1.14.5, ROX II OS before 2.3.0, and RuggedMax OS before 4.2.1.4621.22

Trust: 3.06

sources: NVD: CVE-2012-4698 // JVNDB: JVNDB-2012-005789 // CNVD: CNVD-2012-9303 // CNVD: CNVD-2012-4389 // BID: 55123 // VULHUB: VHN-57979

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.2

sources: CNVD: CNVD-2012-9303 // CNVD: CNVD-2012-4389

AFFECTED PRODUCTS

vendor: siemens, model: ruggedmax os, scope: lte, version: 4.2.1.4621.22

Trust: 1.8

vendor: siemens, model: rox ii os, scope: lte, version: 2.3.0

Trust: 1.0

vendor: siemens, model: rox i os, scope: lte, version: 1.14.5

Trust: 1.0

vendor: siemens, model: ros, scope: lte, version: 3.11.0

Trust: 1.0

vendor: siemens, model: ruggedcom rugged operating system, scope: lte, version: 3.11

Trust: 0.8

vendor: siemens, model: ruggedcom rugged operating system on linux i, scope: lte, version: 1.14.5

Trust: 0.8

vendor: siemens, model: ruggedcom rugged operating system on linux ii, scope: lte, version: 2.3.0

Trust: 0.8

vendor: siemens, model: ruggedcom rugged operating system, scope: lt, version: 3.12

Trust: 0.6

vendor: siemens, model: rox i os, scope: lt, version: 1.14.5

Trust: 0.6

vendor: siemens, model: rox ii os, scope: lt, version: 2.3.0

Trust: 0.6

vendor: siemens, model: ruggedmax os, scope: lt, version: 4.2.1.4621.22

Trust: 0.6

vendor: ruggedcom, model: rugged operating system, scope: -, version: -

Trust: 0.6

vendor: siemens, model: ruggedmax os, scope: eq, version: 4.2.1.4621.22

Trust: 0.6

vendor: siemens, model: rox ii os, scope: eq, version: 2.3.0

Trust: 0.6

vendor: siemens, model: rox i os, scope: eq, version: 1.14.5

Trust: 0.6

vendor: siemens, model: ros, scope: eq, version: 3.11.0

Trust: 0.6

vendor: ruggedcom, model: rugged operating system, scope: eq, version: 3.10.1

Trust: 0.3

sources: CNVD: CNVD-2012-9303 // CNVD: CNVD-2012-4389 // BID: 55123 // JVNDB: JVNDB-2012-005789 // CNNVD: CNNVD-201212-325 // NVD: CVE-2012-4698

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4698
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4698
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201212-325
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57979
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-4698
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57979
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57979 // JVNDB: JVNDB-2012-005789 // CNNVD: CNNVD-201212-325 // NVD: CVE-2012-4698

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-57979 // JVNDB: JVNDB-2012-005789 // NVD: CVE-2012-4698

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201208-385 // CNNVD: CNNVD-201212-325

TYPE

information disclosure

Trust: 1.2

sources: CNNVD: CNNVD-201208-385 // CNNVD: CNNVD-201212-325

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-005789

PATCH

title: RuggedCom Security Updates
url: http://www.ruggedcom.com/productbulletin/ros-security-page/

Trust: 0.8

title: Top Page
url: http://www.siemens.com/entry/cc/en/

Trust: 0.8

title: SSA-622607: RuggedCom Private Key Vulnerabilities for HTTPS/SSL and SSH
url: https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf

Trust: 0.8

title: Siemens Solution Partner
url: http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx

Trust: 0.8

title: Siemens Japan K.K.
url: http://www.siemens.com/answers/jp/ja/

Trust: 0.8

title: Patch for Rugged Operating System Hardcoded Private Key Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/26800

Trust: 0.6

sources: CNVD: CNVD-2012-9303 // JVNDB: JVNDB-2012-005789

EXTERNAL IDS

db: NVD, id: CVE-2012-4698

Trust: 3.4

db: ICS CERT, id: ICSA-12-354-01

Trust: 3.1

db: SIEMENS, id: SSA-622607

Trust: 1.7

db: BID, id: 55123

Trust: 1.6

db: ICS CERT, id: ICSA-12-354-01A

Trust: 1.1

db: JVNDB, id: JVNDB-2012-005789

Trust: 0.8

db: CNNVD, id: CNNVD-201212-325

Trust: 0.7

db: CNVD, id: CNVD-2012-9303

Trust: 0.6

db: CNVD, id: CNVD-2012-4389

Trust: 0.6

db: CNNVD, id: CNNVD-201208-385

Trust: 0.6

db: VULHUB, id: VHN-57979

Trust: 0.1

sources: CNVD: CNVD-2012-9303 // CNVD: CNVD-2012-4389 // VULHUB: VHN-57979 // BID: 55123 // JVNDB: JVNDB-2012-005789 // CNNVD: CNNVD-201208-385 // CNNVD: CNNVD-201212-325 // NVD: CVE-2012-4698

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-354-01.pdf

Trust: 3.1

url:http://www.ruggedcom.com/productbulletin/ros-security-page/

Trust: 1.7

url:https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf

Trust: 1.7

url:http://ics-cert.us-cert.gov/advisories/icsa-12-354-01a

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4698

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4698

Trust: 0.8

url:http://isc.sans.edu/diary.html?storyid=13948http

Trust: 0.6

url:http://www.securityfocus.com/bid/55123

Trust: 0.6

url:http://www.ruggedcom.com/

Trust: 0.3

sources: CNVD: CNVD-2012-9303 // CNVD: CNVD-2012-4389 // VULHUB: VHN-57979 // BID: 55123 // JVNDB: JVNDB-2012-005789 // CNNVD: CNNVD-201208-385 // CNNVD: CNNVD-201212-325 // NVD: CVE-2012-4698

CREDITS

Justin W. Clarke

Trust: 0.9

sources: BID: 55123 // CNNVD: CNNVD-201208-385

SOURCES

db: CNVD, id: CNVD-2012-9303
db: CNVD, id: CNVD-2012-4389
db: VULHUB, id: VHN-57979
db: BID, id: 55123
db: JVNDB, id: JVNDB-2012-005789
db: CNNVD, id: CNNVD-201208-385
db: CNNVD, id: CNNVD-201212-325
db: NVD, id: CVE-2012-4698

LAST UPDATE DATE

2025-04-11T22:56:04.841000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2012-9303, date: 2012-12-25T00:00:00
db: CNVD, id: CNVD-2012-4389, date: 2012-08-23T00:00:00
db: VULHUB, id: VHN-57979, date: 2013-05-21T00:00:00
db: BID, id: 55123, date: 2013-04-29T20:51:00
db: JVNDB, id: JVNDB-2012-005789, date: 2012-12-25T00:00:00
db: CNNVD, id: CNNVD-201208-385, date: 2012-08-23T00:00:00
db: CNNVD, id: CNNVD-201212-325, date: 2012-12-25T00:00:00
db: NVD, id: CVE-2012-4698, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2012-9303, date: 2012-12-25T00:00:00
db: CNVD, id: CNVD-2012-4389, date: 2012-08-23T00:00:00
db: VULHUB, id: VHN-57979, date: 2012-12-23T00:00:00
db: BID, id: 55123, date: 2012-08-21T00:00:00
db: JVNDB, id: JVNDB-2012-005789, date: 2012-12-25T00:00:00
db: CNNVD, id: CNNVD-201208-385, date: 2012-08-23T00:00:00
db: CNNVD, id: CNNVD-201212-325, date: 2012-12-24T00:00:00
db: NVD, id: CVE-2012-4698, date: 2012-12-23T21:55:01.437