Security flaw with RuggedCom devices

Just a heads up for anyone using any RuggedCom devices (switches, serial -> IP gateways etc) in their systems. There's recently been a rather large security flaw announced in ROS. Basically they've got a backdoor account that can't be modified or disabled. Full info on the Full Disclosure mailing list.

Comments

  • jimmyw Posts: 112
    PhreaK wrote: »
    There's recently been a rather large security flaw announced in ROS.

    This has been known about for almost 2 years now :P
    Naively at first I considered it useful, then I realized what a nightmare it is. Backdoor accounts are good for maintenance and service, but FFS don't base them as a direct result of the MAC, generate a random 64 char password and store it in a private database that is keyed to the MAC on a secured server at RuggedCom HQ!
  • PhreaK Posts: 966
    jimmyw wrote: »
    This has been known about for almost 2 years now :P
    It's been known for a while, but was only announced on Monday due to lack of action by the vendor.
  • John Nagy Posts: 1,742
    I wonder if this was disclosed to Siemens who bought them just last month.
  • rfletcher Posts: 217
    John Nagy wrote: »
    I wonder if this was disclosed to Siemens who bought them just last month.

    They probably wouldn't care, since Siemens isn't terribly good about fixing problems in their own logic controllers.