
Siemens Lessons Learned: The Dangers of Default Passwords

By: Awareity
On: July 28, 2010

 

One of the first things security professionals recommend when you install new programs, systems or hardware is that you change the default password immediately. And if a system has been breached or is vulnerable to a potential breach, most security professionals recommend that your users change their passwords as a precaution.

Now, what if the password was hard-coded into the system and could not be changed without throwing all systems into chaos and disrupting or halting operations?

And what if the default password for your software had been shared in online forums since 2008?

That would never happen, right…?

Unfortunately, this is exactly what has happened to Siemens and their SCADA software. SCADA (supervisory control and data acquisition) software is commonly used in utilities and has become a popular target for hackers of all types. For example, the Stuxnet malware is targeting Siemens SCADA software: it searches for certain software and then applies the hard-coded password to access the access control database. Once this database is accessed, the malware can steal information. Changing the passwords and blocking the malware’s attempts may create even bigger issues.

So, what are the lessons learned here?

1) Default passwords are and always will be a major vulnerability.

2) Passwords should not be hardcoded into a system.

3) Passwords should not be shared on online forums, and if they are, the password should immediately be changed!

4) Changing passwords should not cause systems to stop working.

If you work in a utility or organization utilizing SCADA software…be aware and be prepared.
