CVE-2012-1803

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.wired.com/threatlevel/2012/04/ruggedcom-backdoor/", "name": "http://www.wired.com/threatlevel/2012/04/ruggedcom-backdoor/", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.ruggedcom.com/productbulletin/ros-security-page/", "name": "http://www.ruggedcom.com/productbulletin/ros-security-page/", "tags": ["Broken Link", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-116-01A.pdf", "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-116-01A.pdf", "tags": ["Broken Link", "Third Party Advisory", "US Government Resource"], "refsource": "MISC"}, {"url": "http://arstechnica.com/business/news/2012/04/backdoor-in-mission-critical-hardware-threatens-power-traffic-control-systems.ars", "name": "http://arstechnica.com/business/news/2012/04/backdoor-in-mission-critical-hardware-threatens-power-traffic-control-systems.ars", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "http://seclists.org/fulldisclosure/2012/Apr/277", "name": "20120423 RuggedCom - Backdoor Accounts in my SCADA network? You don't say...", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "http://www.kb.cert.org/vuls/id/MAPG-8RCPEN", "name": "http://www.kb.cert.org/vuls/id/MAPG-8RCPEN", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CONFIRM"}, {"url": "http://www.kb.cert.org/vuls/id/889195", "name": "VU#889195", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/53215", "name": "53215", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0186.html", "name": "20120423 RuggedCom - Backdoor Accounts in my SCADA network? You don't say...", "tags": ["Broken Link"], "refsource": "BUGTRAQ"}, {"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-146-01A", "name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-146-01A", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "MISC"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75120", "name": "ruggedcom-operating-system-backdoor(75120)", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "XF"}, {"url": "http://www.exploit-db.com/exploits/18779", "name": "18779", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "refsource": "EXPLOIT-DB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-310"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-1803", "ASSIGNER": "cert@cert.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 8.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-04-28T00:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.10.1", "versionStartIncluding": "3.2.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-02-01T16:53Z"}