CVE-2012-4698

2012-12-2321:55:01

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

41.8%

JSON

Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations.

Affected configurations

Nvd

Node

siemensrosRange≤3.11.0

Node

siemensrox_i_osRange≤1.14.5

Node

siemensrox_ii_osRange≤2.3.0

Node

siemensruggedmax_osRange≤4.2.1.4621.22

VendorProductVersionCPE
siemensros*cpe:2.3:o:siemens:ros:*:*:*:*:*:*:*:*
siemensrox_i_os*cpe:2.3:o:siemens:rox_i_os:*:*:*:*:*:*:*:*
siemensrox_ii_os*cpe:2.3:o:siemens:rox_ii_os:*:*:*:*:*:*:*:*
siemensruggedmax_os*cpe:2.3:o:siemens:ruggedmax_os:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	ros	*	cpe:2.3:o:siemens:ros::::::::
siemens	rox_i_os	*	cpe:2.3:o:siemens:rox_i_os::::::::
siemens	rox_ii_os	*	cpe:2.3:o:siemens:rox_ii_os::::::::
siemens	ruggedmax_os	*	cpe:2.3:o:siemens:ruggedmax_os::::::::