Siemens Lessons Learned: The Dangers of Default Passwords

By: Awareity
On: July 28, 2010

 

One of the first things security professionals recommend when you install new programs, systems or hardware is to change the default password immediately. And if a system has been breached or is vulnerable to a potential breach, most security professionals recommend that your users change their passwords as a precaution.

Now, what if the password was hard-coded into the system and could not be changed without throwing all systems into chaos and disrupting or halting operations?

And what if the default password for your software had been shared in online forums since 2008?

That would never happen, right…?

Unfortunately, this is exactly what has happened to Siemens and their SCADA software. SCADA (supervisory control and data acquisition) software is commonly used in utilities and has become a popular target for hackers of all types. For example, the Stuxnet malware targets Siemens SCADA software: it searches for certain software and then applies the hard-coded password to get into the access control database. Once this database is accessed, the malware can steal information. Changing the passwords and blocking the malware's attempts may create even bigger issues.

So, what are the lessons learned here?

1) Default passwords are and always will be a major vulnerability.

2) Passwords should not be hardcoded into a system.

3) Passwords should not be shared on online forums and if they are, the password should immediately be changed!

4) Changing passwords should not cause systems to stop working.
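
Lessons 2 and 4 side by side, as an added example that is not code from Siemens or from the original post: a client with a compiled-in password breaks when the password is rotated, while a client that reads the password from an owner-only file at connect time keeps working. The class names, the `db.secret` file and both password strings are constructed for illustration.

```python
import hmac
import os
import tempfile

class AccessDb:
    """Constructed stand-in for a product database; compares in constant time."""
    def __init__(self, password):
        self.password = password

    def connect(self, presented):
        return hmac.compare_digest(presented.encode(), self.password.encode())

class HardcodedClient:
    """'Before': the password ships inside the client, identical on every install."""
    PASSWORD = "vendor-default"  # constructed placeholder, not a real product password

    def connect(self, db):
        return db.connect(self.PASSWORD)

class ConfiguredClient:
    """'After': the password is read from an owner-only file at each connect."""
    def __init__(self, secret_path):
        self.secret_path = secret_path

    def connect(self, db):
        with open(self.secret_path, encoding="utf-8") as fh:
            return db.connect(fh.read().strip())

def write_secret(path, value):
    """Write the secret with mode 0600, then swap it into place atomically."""
    tmp = path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(value + "\n")
    os.replace(tmp, path)

def rotation_demo():
    """Return (hardcoded_ok, configured_ok) before and after a password change."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "db.secret")
        write_secret(path, HardcodedClient.PASSWORD)
        db = AccessDb(HardcodedClient.PASSWORD)
        old, new = HardcodedClient(), ConfiguredClient(path)
        before = (old.connect(db), new.connect(db))
        db.password = "site-unique-2"        # operator changes the password ...
        write_secret(path, "site-unique-2")  # ... and updates the one secret file
        return before, (old.connect(db), new.connect(db))

if __name__ == "__main__":
    print(rotation_demo())
```

After the rotation only the file-based client still connects, which is the property lesson 4 asks for.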

 

If you work in a utility or organization utilizing SCADA software…be aware and be prepared.
