ByteOS Network

NVD Vulnerability Details :

CVE-2012-4698

Deferred

Source-ics-cert@hq.dhs.gov

Published At-23 Dec, 2012 | 21:55

Updated At-11 Apr, 2025 | 00:51

Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N

CPE Matches

Siemens AG

>>ros>>Versions up to 3.11.0(inclusive)

cpe:2.3:o:siemens:ros:*:*:*:*:*:*:*:*

Siemens AG

>>rox_i_os>>Versions up to 1.14.5(inclusive)

cpe:2.3:o:siemens:rox_i_os:*:*:*:*:*:*:*:*

Siemens AG

>>rox_ii_os>>Versions up to 2.3.0(inclusive)

cpe:2.3:o:siemens:rox_ii_os:*:*:*:*:*:*:*:*

Siemens AG

>>ruggedmax_os>>Versions up to 4.2.1.4621.22(inclusive)

cpe:2.3:o:siemens:ruggedmax_os:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A	ics-cert@hq.dhs.gov	N/A
http://www.ruggedcom.com/productbulletin/ros-security-page/	ics-cert@hq.dhs.gov	Vendor Advisory
http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01.pdf	ics-cert@hq.dhs.gov	US Government Resource
https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf	ics-cert@hq.dhs.gov	Vendor Advisory
http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.ruggedcom.com/productbulletin/ros-security-page/	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01.pdf	af854a3a-2127-422b-91ae-364da2661108	US Government Resource
https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History