This afternoon the DHS ICS-CERT published an
unusual update of an advisory that was published last month for a weak
cryptography for password vulnerability in the RuggedCom operating system (ROS).
The update corrects a poorly worded notice in the overview section of the original
advisory that claimed that RuggedCom had “produced new firmware versions
that resolve the reported vulnerability” (pg 1). As I noted in my earlier
blog on the advisory, that overstated the extent of the mitigation, as a
close reading of the original advisory really did make clear.
The update also announces that firmware updates have been
issued for additional versions of the ROS. At least one additional firmware
update is scheduled to be released “within the next few weeks” (pg 3). It will
be interesting to see if an additional update is issued when that next firmware
update becomes available. I had halfway expected to see one for each of the
version updates listed in this advisory; hopefully there was some other
communications methodology used to alert system owners when these firmware
updates were made available (and a passive listing on the RuggedCom web site
doesn’t hardly count).