Siemens subsidiary RuggedCom’s Rugged Operating System (ROS) contains a vulnerability that could give an attacker the ability to decrypt SSL traffic between RuggedCom networking equipment and end-users, according to an ICS-CERT alert.
Justin W. Clarke, a security researcher at Cylance Inc., disclosed the vulnerability publicly, along with a proof-of-concept exploit code. His report detailed the presence of remotely exploitable key management errors arising from a hard-coded RSA SSL private key in RuggedCom’s ROS. ICS-CERT warns that an attacker could use this key to create malicious communications on RuggedCom network devices.
Clarke told Reuters that the vulnerability is particularly troubling because it expose infrastructure operator communications to potential hackers who could then use it to gain access to and control of critical systems.
ICS-CERT advises that ROS users minimize network exposure to affected devices, locate any devices behind the firewall in order to isolate them from the business network, and utilize secure methods like VPNs in cases where remote access is needed to minimize the risk of exploitation.
This isn’t the first time Clarke has discovered bugs in RuggedCom equipment. Back in April he reported that a number of their products contained easily exploitable back-doors.
RuggedCom is a Siemens subsidiary that manufactures networking equipment designed for use in severe electrical and climactic environments.
ICS-CERT notified RuggedCom about the bug. RuggedCom, ICS-CERT, and Clarke are working together on potential mitigations for the vulnerability.