14 DAY TRIAL // Security researcher Justin Clarke of Cylance Inc has identified a serious vulnerability in RuggedCom’s Rugged Operating System (ROS). The Department of Homeland Security’s ICS-CERT has issued an alert to ensure that users can protect themselves against potential attacks while the problem is addressed by the company.
The key management errors which affect industrial networking equipment that relies on ROS can be leveraged to decrypt the SSL traffic between a RuggedCom device and the user.
“Justin W. Clarke publicly reported that the RSA Private PKI key for SSL communication between a client/user and a RuggedCom switch can be identified in the ROS. An attacker may use the key to create malicious communication to a RuggedCom network device,” the advisory reads.
The firm has been made aware of the existence of these flaws and they’re currently working with ICS-CERT to address them.
Until a permanent fix is released, ICS-CERT advises customers to minimize network exposure for all control systems. They also recommend the use of Virtual Private Networks for secure remote access.
Finally, organizations should place the sensitive control system networks behind firewalls and isolate them from the business infrastructure, which may be more vulnerable.
In case any malicious activities are detected, the affected companies should notify ICS-CERT immediately.
This isn’t the first time this year when a security hole is identified in ROS. Back in April, the United States Computer Emergency Readiness Team (US-CERT) warned that a hard-coded user account with a predictable password existed.
At the time, experts found that an attacker who knew the device’s MAC address could have logged in to the device as an administrator from an account called “factory.” The password for this account was based on the MAC address and could have been reverse engineered without difficulty.