The RuggedCom SCADA OS is vulnerable

The problem is that the RuggedCom software, owned by Siemens, uses a single software key to decode encrypted traffic; and that this key can be easily extracted.

The ICS-CERT alert refers to Justin W. Clarke of Cylance Inc’s public report. “According to this report, the vulnerability can be used to decrypt SSL traffic between an end user and a RuggedCom network device.” It says the vulnerability is remotely exploitable and can lead to loss of system integrity; and adds that ICS-CERT “is currently coordinating with the vendor and security researcher to identify mitigations.”

According to Reuters, however, this won’t be easy. “Clarke said that [the] problem will be tough to fix because all Rugged Operating System software uses a single software ‘key’ to decode traffic that is encrypted as it travels across the network. He told Reuters that it is possible to extract that ‘key’ from any piece of RuggedCom's Rugged Operating System software.”
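The practical consequence of a single key shared by every ROS device is that any two devices present the same certificate, which is something an operator can check on their own network without extracting anything. The following script is an added example, not code from the article, Siemens or RuggedCom: it collects the certificate each device presents and groups devices by certificate fingerprint, so a fleet in which many devices share one certificate (and therefore one private key) stands out. The host names and the byte strings in the sample are constructed; only the grouping logic runs offline.

```python
"""Fleet check for a shared TLS certificate (and so a shared private key).

Added example, not from the article or the vendor. The article reports that
all ROS devices used one key; a fleet in which several devices present the
same certificate is the observable symptom. Host names are assumptions.
"""
import hashlib
import ssl
from collections import defaultdict


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate as colon-separated hex."""
    digest = hashlib.sha256(der_cert).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_der_cert(host: str, port: int = 443) -> bytes:
    """Fetch the leaf certificate a device presents, using only the stdlib.

    No chain validation is attempted: device certificates are usually
    self-signed and we only want the bytes for comparison.
    """
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


def collect_certs(hosts, port: int = 443) -> dict:
    """Map host -> DER certificate for every reachable host; skip the rest."""
    certs = {}
    for host in hosts:
        try:
            certs[host] = fetch_der_cert(host, port)
        except (OSError, ssl.SSLError) as exc:
            print(f"skip {host}: {exc}")
    return certs


def group_by_fingerprint(certs_by_host: dict) -> dict:
    """Map fingerprint -> sorted list of hosts presenting that certificate."""
    groups = defaultdict(list)
    for host, der in certs_by_host.items():
        groups[fingerprint(der)].append(host)
    return {fp: sorted(hosts) for fp, hosts in groups.items()}


def shared_certificates(certs_by_host: dict) -> dict:
    """Only the fingerprints seen on more than one host.

    Each entry is a certificate shared between devices, which means those
    devices also share the private key behind it.
    """
    return {fp: hosts
            for fp, hosts in group_by_fingerprint(certs_by_host).items()
            if len(hosts) > 1}


# Constructed sample: stand-in byte strings, not real certificates. Two of the
# three (assumed) devices present identical bytes; the third is unique.
SAMPLE_CERTS = {
    "ros-switch-a.example.net": b"\x30\x82constructed-cert-shared",
    "ros-switch-b.example.net": b"\x30\x82constructed-cert-shared",
    "ros-switch-c.example.net": b"\x30\x82constructed-cert-unique",
}


def report(certs_by_host: dict) -> list:
    """Human-readable lines, one per shared certificate."""
    lines = []
    for fp, hosts in shared_certificates(certs_by_host).items():
        lines.append(f"{len(hosts)} devices share certificate {fp[:23]}...: "
                     + ", ".join(hosts))
    return lines


if __name__ == "__main__":
    # Offline demonstration on the constructed sample. To run against real
    # devices, replace SAMPLE_CERTS with collect_certs([...your hosts...]).
    for line in report(SAMPLE_CERTS):
        print(line)
```

Comparing whole-certificate fingerprints catches the case the article describes, where every device ships the identical certificate. A vendor could also issue differently-named certificates around the same key pair; detecting that needs a comparison of the SubjectPublicKeyInfo rather than the full certificate, which requires an ASN.1 parser such as the one in the `cryptography` package.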

The danger is that once attackers can read RuggedCom traffic that was supposed to be encrypted, they can pick legitimate credentials out of it and use them to reach critical systems. “If you can get to the inside, there is almost no authentication, there are almost no checks and balances to stop you,” Clarke told Reuters.

The potential damage that can be caused to critical systems if hackers can get to the inside has been a hot topic ever since Stuxnet was used to attack the Iranian nuclear program. ICS-CERT makes three interim recommendations pending a full solution to the vulnerability. These include isolating control system networks from the business network behind a firewall, minimizing contact with the internet, and where remote access is necessary “employ secure methods, such as Virtual Private Networks (VPNs).”

This is the second flaw in RuggedCom systems discovered by Clarke. In May the company had to issue an update to its software following his earlier disclosure that it contained an undisclosed backdoor account that could give hackers remote access to the equipment with an easily obtained password.
