ABB TropOS (Update A)

CVSS v3 6.8 Vendor: ABB Equipment: TropOS Vulnerabilities: Security Features UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-318-02 ABB TropOS that was published November 14, 2017, on the NCCIC/ICS-CERT website. AFFECTED PRODUCTS ABB reports that th...

CVE-2012-4898

Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere...

Design/Logic Flaw

Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere...

CVE-2012-4898

CVE-2012-4898 affects Tropos Networks’ Mesh OS prior to 7.9.1.1. The vulnerability stems from insufficient entropy used to generate SSH host keys, enabling a remote attacker to perform a Man-in-the-Middle attack by exploiting knowledge of non-unique keys from another installation. Impact includes...

PT-2012-5647 · Tropos · Mesh Os

Name of the Vulnerable Software and Affected Versions: Tropos wireless mesh routers Mesh OS versions prior to 7.9.1.1 Description: The issue is related to insufficient entropy for SSH keys, making it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by...