CVE-2012-4698 - Vulnerability Details - OpenCVE

Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Ros Rox I Os Rox Ii Os Ruggedmax Os

Configuration 1 [-]

cpe:2.3:o:siemens:ros:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:siemens:rox_i_os:*:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:o:siemens:rox_ii_os:*:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:o:siemens:ruggedmax_os:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A
http://www.ruggedcom.com/productbulletin/ros-security-page/
http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01.pdf
https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2012-12-23T21:00:00

Updated: 2024-08-06T20:42:55.139Z

Reserved: 2012-08-28T00:00:00

Link: CVE-2012-4698

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-12-23T21:55:01.437

Modified: 2024-11-21T01:43:22.643

Link: CVE-2012-4698

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-12-19T00:00:00", "descriptions": [{"lang": "en", "value": "Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-05-21T09:00:00", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01.pdf"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ruggedcom.com/productbulletin/ros-security-page/"}, {"tags": ["x_refsource_MISC"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2012-4698", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01.pdf"}, {"name": "http://www.ruggedcom.com/productbulletin/ros-security-page/", "refsource": "CONFIRM", "url": "http://www.ruggedcom.com/productbulletin/ros-security-page/"}, {"name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A"}, {"name": "https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf", "refsource": "CONFIRM", "url": "https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:42:55.139Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01.pdf"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ruggedcom.com/productbulletin/ros-security-page/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2012-4698", "datePublished": "2012-12-23T21:00:00", "dateReserved": "2012-08-28T00:00:00", "dateUpdated": "2024-08-06T20:42:55.139Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:ros:*:*:*:*:*:*:*:*", "matchCriteriaId": "44D6C891-CAB1-498D-B68E-84EF210EB39D", "versionEndIncluding": "3.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:rox_i_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEFF857C-7B35-4E33-AC5A-FE8DDEEC13A4", "versionEndIncluding": "1.14.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:rox_ii_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "7537182F-7500-4FBF-87AB-5617D660676F", "versionEndIncluding": "2.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:ruggedmax_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "9001274A-0A68-4D69-ACEE-A7EDEC408AA8", "versionEndIncluding": "4.2.1.4621.22", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations."}, {"lang": "es", "value": "Siemens Ruggedcom Rugged Operating System (ROS) antes de v3.12, ROX I OS hasta v1.14.5, ROX II OS hasta v2.3.0 y RuggedMax OS hasta v4.2.1.4621.22 usa claves privadas para comunicaciones SSL y SSH escritas en c\u00f3digo, lo que hace que sea m\u00e1s f\u00e1cil para atacantes man-in-the-middle el crear servidores falsos y descifrar el tr\u00e1fico de red aprovech\u00e1ndose de la disponibilidad de estas claves dentro de los archivos de ROS en todas las instalaciones de los clientes.\r\n"}], "id": "CVE-2012-4698", "lastModified": "2024-11-21T01:43:22.643", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-12-23T21:55:01.437", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "http://www.ruggedcom.com/productbulletin/ros-security-page/"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01.pdf"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.ruggedcom.com/productbulletin/ros-security-page/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}