RuggedCom Security Updates

Concord, Ontario, Canada (February 19, 2014) –

Version 3.12.4 of the ROS® firmware has been released today, February 19, 2014, and can be obtained by requesting support at support.automation.siemens.com or by contacting support@ruggedcom.com.

ROSv3.12.4 is a minor release with fixes to known issues and some feature enhancements.

A potential vulnerability in the implementation of the SNMP protocol might allow attackers to perform a Denial-of-Service attack on the affected devices over the network without authentication.

Detailed information about the vulnerability is provided in the Siemens Security Advisory ssa-892342.
The fix for this vulnerability is available in ROSv3.12.4 and can be obtained by contacting Siemens Ruggedcom Support.


Concord, Ontario, Canada (December 7, 2012) –

Please refer to the release notes for the complete list of changes.

RuggedCom has released a new version of the Rugged Operating System (ROS®), v3.12.

ROS® v3.12 fixes security issues found in previous versions and adds in a variety of new features, including:

The efforts to implement the improvements in functionality, reliability and security are considerably more than originally estimated as is the complexity of required changes. As a result, RuggedCom has decided to package this upgrade version of ROS as a major release to be designated as ROS 3.12.

Given the extent and complexity of the changes, it is not possible to back port these upgrades to previous versions of ROS.

Customers who wish to implement these improvements will need to standardize on ROS 3.12.

Reference:

Siemens Security Advisory SSA-826381


Concord, Ontario, Canada (November 16, 2012) –

On August 31st, 2012, RuggedCom advised its customers of a vulnerability in the RuggedCom Rugged Operating System (ROS). The following is an update on the status of the vulnerability and the plan to provide a resolution.

RuggedCom is implementing significant upgrades and enhancements to the ROS product including:

The efforts to implement the improvements in functionality, reliability and security are considerably more than originally estimated as is the complexity of required changes. As a result, RuggedCom has decided to package this upgrade version of ROS as a major release to be designated as ROS 3.12.

Given the extent and complexity of the changes, it is not possible to back port these upgrades to previous versions of ROS.

Customers who wish to implement these improvements will need to standardize on ROS 3.12.

Our current plan is to make ROS 3.12 generally available to all of our customers by Dec. 7, 2012.


Concord, Ontario, Canada (August 31st, 2012) —

RuggedCom Private Key Vulnerabilities for HTTPS/SSL and SSH

Summary:

A vulnerability in the RuggedCom Rugged Operating System (ROS) was recently publicly presented by a security researcher. ICS-CERT published an ALERT (12-234-01 Key Management Errors in RuggedCom’s Rugged Operating System) on Aug. 21, 2012 to advise the control system community.

The reported vulnerability can be used by an attacker to eavesdrop and decrypt HTTPS/SSL traffic or SSH traffic between a user (administrator) and a RuggedCom ROS device. In addition, a Man-in-the-Middle (MITM) attack is possible and an attacker could use intercepted data to compromise the device.

Further analysis by RuggedCom has revealed that similar vulnerabilities apply to the ROX (ROX I and ROX II) operating system firmware and the RuggedMax operating system firmware. A fix for the identified vulnerability in ROX is already available.  For the SSH service of RuggedMax a temporary fix for the identified vulnerability is also available.

AFFECTED PRODUCTS

DESCRIPTION

ROS Devices

ROS provides management and configuration facilities via HTTPS/SSL and SSH. The private keys used for device management communication have been discovered and publicly disclosed by a researcher. Since these keys are hardcoded within RuggedCom’s Rugged Operating System (ROS), all keys in the affected ROS devices are considered to be compromised.

An attacker can use the private keys for eavesdropping on the management communication between a user and ROS device.  By performing a Man-in-the-Middle (MITM) attack, an attacker could successfully obtain and change the configuration and management data being supplied to the ROS device or the data being collected from the ROS device.

If the attacker also obtains the username and password information by such eavesdropping, the information can be used to run further attacks against the ROS device, including the capability to fully compromise the device.

The vulnerability has no impact on traffic passing through the RuggedCom ROS device.

ROX Devices

As shipped from the factory, ROX devices may have the same private keys for encrypted HTTPS/SSL and SSH communications (Please note that these are different than the ROS keys mentioned above).  These keys can be discovered within the devices.  This vulnerability can be mitigated by simply changing the private keys on the ROX device.  Please consult the Solution Section of this document for further details.

The vulnerability has no impact on traffic passing through the RuggedCom ROX devices.

RuggedMAX Devices

RuggedMAX Base station devices (WiN7XXX) will generate a unique SSH key at the time of first boot.  RuggedMAX subscriber units (Win5xxx) are all loaded with the same SSH key at the factory.  The SSH key can be discovered within these devices.  A fix for this issue that allows customers the capability to generate new SSH keys is outlined in the Solution Section of this document.

For HTTPS access, the private key is the same for each base station device.  The HTTPS key can be discovered within the base station device.  Please consult the Solution Section of this document for a temporary solution.

The vulnerability has no impact on traffic passing through the RuggedMax devices.

Mitigating factors:

The attacker must have access to the communication between the user (administrator) and the managed RuggedCom device and have the capability to identify the traffic used for configuration and management of the RuggedCom device. The attack requires the capability to run a MITM attack without detectable impact on the communication between a user and the RuggedCom Device.

SOLUTION

ROS Devices

RuggedCom is currently working to prepare a software update addressing the identified vulnerability in the ROS based devices.

Until a fix for the related vulnerability is released, customers are asked to perform the management and configuration of the RuggedCom ROS devices in a secure manner. Make sure that no attacker can intercept or manipulate the traffic between the administrator and ROS devices. Customers may also contact RuggedCom’s Customer Support Team (http://www.ruggedcom.com/services/technical/) for support.

ROX Devices

ROX device customers are strongly encouraged to change their SSL and SSH keys. Application notes exist that explain how to change the SSL and SSH keys. Please consult App Note AN17 for ROX1.x versions of the firmware and App Note AN16 for ROX 2.x. For further details, please contact RuggedCom’s Customer Support Team.

RuggedMAX Devices

SSH Service

For the RuggedMax SSH service, the customer has the capability to generate new keys. Each device (subscriber or base station) can be triggered to generate a new SSH key by deleting the current key. Customers are strongly encouraged to generate new keys. A procedure on how to generate a new SSH key can be obtained from the RuggedCom Customer Support Team.

HTTPS Service

For the HTTPS access, a temporary solution exists with the current version of software to disable HTTPS access. For details on this procedure please contact the RuggedCom Customer Support Team.

Additionally, the following general recommendations should be observed when deploying 
Ruggedcom devices:

Support team contact details:
Tel: 1 (866) 922-7975 or +1 (905) 856-5288
Email: support@ruggedcom.com



 

Concord, Ontario, Canada (August 21, 2012) —

RuggedCom was notified by ICS-CERT about a vulnerability discovered by Justin W. Clarke of Cylance Inc. in RuggedCom's Rugged Operating System (ROS®). According to the security researcher, the vulnerability can be used to decrypt SSL traffic between an end user and a RuggedCom network device. On the 21st of August, ICS-CERT published ICS-ALERT 12-234-01 to document this case.

Specialists from Siemens and RuggedCom are investigating this issue and will provide information updates as soon as they become available.




Concord, Ontario, Canada (June 19, 2012) —

Version 3.11.0 of the ROS® firmware, with security related fixes and a variety of new features, has been released today, Tuesday June 19, 2012, and can be obtained by emailing support@ruggedcom.com.

Along with the security issues addressed below, ROS 3.11.0 incorporates several new features including:

To address security issues, the following changes are included in all of the new ROS® firmware versions:

Note: These changes to the ROS® firmware remove the factory account and the associated security vulnerability. Customers using the new version of the firmware should take special care not to lose the user defined password to a device’s admin account as recovering from a lost admin password will now require physical access to the device to reset the passwords.

RuggedCom recommends that customers using ROS® versions older than v3.7 upgrade to a newer version.




Concord, Ontario, Canada (June 1, 2012)

Versions 3.9.3, 3.8.5 and 3.7.9 of the ROS® firmware with security related fixes have been released today, Friday June 1, 2012, and can be obtained by emailing support@ruggedcom.com.

ROS® 3.11.0, a new firmware release containing additional functionality as well as the same security fixes, will be released within the next few weeks as development and testing is completed.  A Product Bulletin will be released to notify you when ROS 3.11.0 is available.

To address security issues, the following changes are included in all of the new ROS® firmware versions:

Note:  These new versions of the ROS® firmware remove the factory account and the associated security vulnerability. Customers using these new versions of the firmware should take special care not to lose the user defined password to a device’s admin account as recovering from a lost admin password will now require physical access to the device to reset the passwords.

RuggedCom recommends that customers using ROS® versions older than v3.7 upgrade to a newer version; however, if this is not possible, we will address updates to older versions of the firmware on a case-by-case basis.

Reference:

ICS-Alert-12-146-01

NERC Alert A-2012-05-07-01

Siemens Security Advisory SSA-826381




Concord, Ontario, Canada (May 18, 2012) —

Version 3.10.1 of the ROS® firmware with security related fixes will be released on Tuesday May 22, 2012 and can be obtained by emailing support@ruggedcom.com.

Other ROS® firmware versions containing the same security fixes (3.9.3, 3.8.5, 3.7.9 & 3.11.0) will be released over the next few weeks on a staggered basis as development and testing is completed.
A Product Bulletin will be released to notify you when each of the new versions is available.

To address security issues, the following changes are included in all of the new ROS® firmware versions:

Note: These new versions of the ROS® firmware remove the factory account and the associated security vulnerability. Customers using these new versions of the firmware should take special care not to lose the user defined password to a device’s admin account as recovering from a lost admin password will now require physical access to the device to reset the passwords.

RuggedCom recommends that customers using ROS® versions older than v3.7 upgrade to a newer version; however, if this is not possible, we will address updates to older versions of the firmware on a case-by-case basis.

Reference:





Concord, Ontario, Canada (April 27, 2012) —


This bulletin provides clarification on RuggedCom's ROS “factory backdoor” security issue and our plans for providing a solution.

Please note that RuggedRouter (RX1000, RX1100) & RuggedBackBone (RX15xx, RX5000) products are not affected by this vulnerability. These products are designed to protect and secure operations networks that must be directly connected to the Internet or other untrusted systems. These products use our ROX operating system that is based on Debian Linux and the user controls all passwords including root access.

The factory backdoor exists only with RuggedCom ROS based products that are dominated by layer 2 Ethernet switches and serial-to-Ethernet converters. The affected model numbers are listed in the table below:

Layer 2 switches & servers: RSG2100, RSG2100P, RSG2200, RSG2288, RSG2300, RSG2300P, RS969, RS416, RS416P, M2100, M2200, M969, RS8000, RS8000T, RS8000H, RS8000A, RS1600, RS1600T, RS1600F, RS400, RS401, RMC30

Small Layer 2 switches: RS900, RS900L, RS900W, RS910, RS910L, RS910W, RS920L, RS920W, RS930L, RS930W, RS900M, RS900G, RS900GP, RS940G, i800, i801, i802, I803, RP110

The secure shell (ssh) and web access (https) do not have the backdoor access as of ROS version 3.3 and above, however telnet, remote shell (rsh) and serial console do have the backdoor access in these versions.  Earlier versions of the ROS software (prior to v3.3) have the backdoor access within all these services (ssh, https, telnet, rsh and the serial console).  Telnet and rsh are services that are still in use by our customers and therefore continued support is necessary within ROS.

Please see the table below for affected versions:

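Services with Backdoor Access, by ROS version:

| ROS Version      | Serial Console | ssh | https | telnet | rsh  |
|------------------|----------------|-----|-------|--------|------|
| 3.2.x or less    | Yes            | Yes | Yes   | Yes    | Yes  |
| 3.3.x or greater | Yes            | No  | No    | Yes*   | Yes* |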

* Telnet and rsh can be disabled in all versions of ROS 3.3.x or greater.

In the next few weeks, RuggedCom will be releasing new versions of ROS firmware that remove the undocumented factory account. The debugging tools previously accessible through the factory login will, in the new versions, only be available once an administrator with a valid user id and password has logged into the device. Recognizing that our customers often standardize on a specific version of ROS, we will release updates for ROS v3.7, 3.8, 3.9, and 3.10. We recommend that customers using ROS versions older than v3.7 upgrade to a newer version; however, if this is not possible, we will address software updates to older versions of the software on a case by case basis.

In addition to eliminating the factory backdoor, telnet and rsh services will be disabled by default. This change will result in newly shipped ROS devices having telnet and rsh disabled. It also results in telnet and rsh being disabled after loading factory default settings. This change has no impact on the operational status of telnet or rsh after a firmware upgrade.

There are two classifications of ROS firmware:

  1. Export controlled that includes cryptography keys greater than 56 bits.
  2. Non Controlled (NC) that uses 56 bit cryptography keys, rendering ssh and https inoperable. For this reason, ROS NC firmware updates will only remove the factory backdoor; telnet and rsh will remain enabled by default.

Lastly, within the next few weeks, RuggedCom will be enhancing the free RuggedExplorer software to make it a little easier to upgrade firmware and change ROS configuration parameters, which will help users with larger networks deploy our recommendations. The enhancement allows bypassing of the auto discovery process so that users may instead provide a static file of ROS device IP addresses.

RuggedCom plans to have all the above-mentioned upgrades to ROS firmware and RuggedExplorer available through our customer support channel within the next few weeks and will issue another bulletin containing further details at that time.

Jim Slinowsky
Vice President of Marketing
RuggedCom

 

For further questions please contact our customer support team at:

Telephone: 1-866-922-7975

Email: support@ruggedcom.com

 


Concord, Ontario, Canada (April 26, 2012) —

RuggedCom recommends to our ROS customers that they disable device access via Telnet and RSH after initial device configuration is complete. Leaving these protocols enabled represents a security issue that is currently under investigation by RuggedCom.

The issue identified by the researcher is a facility to support customers in recovering access to ROS products whose passwords have been lost. With Telnet and RSH disabled, the only way to access a ROS device when the password is lost is through a local connection (i.e. physically plugging in to the console port). The factory user name and password (unique to each device) are then used to log in to the device and reset the password so secure remote access can be re-established.

RuggedCom is continuing to investigate this issue and will provide updates as more information becomes available.

We thank the researcher, Justin W. Clarke, for reporting this vulnerability.