"ICS-CERT is aware of a public report of hard-coded RSA SSL private key within RuggedCom's Rugged Operating System (ROS)," the U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said in a published Tuesday. "The vulnerability with proof-of-concept (PoC) exploit code was publicly presented by security researcher Justin W. Clarke of Cylance Inc."

"The private key was successfully extracted from the firmware on August 9, and was then presented at the BSidesLA 2012 conference on August 17," Clarke said Wednesday via email.

"This vulnerability does not directly allow for an authentication bypass," Clarke said. "What it allows is for an attacker to decrypt any SSL communication between an end-user's web browser and the RuggedCom device."

In addition, the hard-coded private key could be used in a man-in-the-middle (MITM) attack to impersonate a RuggedCom device without the end user realizing it, Clarke said.

RuggedCom manufactures Ethernet switches, network routers, wireless devices, serial servers, media converters and other communications equipment for use in harsh electrical and climatic environments like those found in electrical power substations, oil refineries, military installations or roadside traffic control cabinets.