SCADA: Hard-Coded ICS Credentials Getting Easier to Find

Reblogged from Information Security As I See It:

SCADA: Hard-Coded ICS Credentials Getting Easier to Find

Hard-coded credentials are a longstanding security no-no, but they’re also an ever-present reality because of developers and IT managers who require remote access to networks and systems for troubleshooting purposes.

The level of risk in such cases depends on the system in question. But one thing is sure: researchers and hackers are looking for these built-in passwords and they’re getting easier to find.

Read more… 516 more words

Information Security As I See It

SCADA: Hard-Coded ICS Credentials Getting Easier to Find

Hard-coded credentials are a longstanding security no-no, but they’re also an ever-present reality because of developers and IT managers who require remote access to networks and systems for troubleshooting purposes.

The level of risk in such cases depends on the system in question. But one thing is sure: researchers and hackers are looking for these built-in passwords and they’re getting easier to find.

The Industrial Control System Cyber Emergency Response Team (ICS-CERT) last week released an advisory warning of a vulnerability in all versions of the TURCK BL20 and BL67 Programmable Gateways that could allow an attacker to find the device’s hard-coded password and remotely own one of these devices. TURCK, a German company, said the devices are widely deployed in a number of manufacturing industries, as well as the agriculture and food industries, mainly in the United States and Europe.

TURCK…

View original post 432 more words

Advertisements