CVE-2012-2441

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-116-01A.pdf", "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-116-01A.pdf", "tags": ["Broken Link", "Third Party Advisory", "US Government Resource"], "refsource": "MISC"}, {"url": "http://arstechnica.com/business/news/2012/04/backdoor-in-mission-critical-hardware-threatens-power-traffic-control-systems.ars", "name": "http://arstechnica.com/business/news/2012/04/backdoor-in-mission-critical-hardware-threatens-power-traffic-control-systems.ars", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.wired.com/threatlevel/2012/04/ruggedcom-backdoor/", "name": "http://www.wired.com/threatlevel/2012/04/ruggedcom-backdoor/", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.kb.cert.org/vuls/id/889195", "name": "VU#889195", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.ruggedcom.com/productbulletin/ros-security-page/", "name": "http://www.ruggedcom.com/productbulletin/ros-security-page/", "tags": ["Broken Link", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://seclists.org/fulldisclosure/2012/Apr/277", "name": "20120423 RuggedCom - Backdoor Accounts in my SCADA network? You don't say...", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75244", "name": "ruggedcom-unauth-access(75244)", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-521"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-2441", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 8.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-04-28T00:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.3.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-02-01T16:53Z"}