Dan Goodin at Ars Technica pointed out something very curious to me yesterday. RuggedCom recently took down their ‘Customers’ page, which includes a list of companies for which RuggedCom is the OEM. Fortunately various search engines keep caches of these things, including the Internet Wayback Machine™.
I have been fascinated with the OEM scene since listening to Sean McBride’s excellent presentation at S4 this past year . Like automotive manufacturers, ICS equipment vendors have some very interesting and sometimes very odd relationships with other vendors. Sometimes these are relationships with embedded OS and library (software), sometimes vendors make hardware for other vendors, and sometimes the relationships extend to both, with the OEM purchaser simply slapping a badge on the front…
In particular, RuggedCom had the following list of companies as OEM purchasers from their historical pages:
– Cooper Power
– General Electric
– Schweitzer Engineering
Dan and I are both curious (and probably Sean, too) if anyone has information on switch lines worth looking at that may be backdoor’d with Justin Clarke‘s RuggedOS vulnerability. I did grab firmwares for the various Siemens Scalance switches. While the logon banners for that switch are similar to the RuggedCom, the firmware is vxWorks running on a different CPU, and appears to be unrelated to RuggedCom’s firmware (at least, via 10 minute analysis).
If you have any info on any products in the vendor list above that run RuggedCom’s firmware, please drop me and/or Dan a line (and ICS-CERT, while you’re at it). He can be reached at dan dot goodin at arstechnica dot com / @dangoodin001. And if you own switches by any of those manufacturers and have the ability to run a quick Python script to gather some information, please get in touch…
Image by denverjeffrey