Siemens Lessons Learned: The Dangers of Default Passwords

By: Awareity
On: July 28, 2010

 

One of the first things security professionals recommend when you install new programs, systems or hardware is that you change the default password immediately. And if a system has been breached or is vulnerable to a potential breach, most security professionals recommend that your users change their passwords as a precaution.

Now, what if the password was hard-coded into the system and could not be changed without throwing all systems into chaos and disrupting or halting operations?

And what if the default password for your software had been shared in online forums since 2008?

That would never happen, right…?

Unfortunately, this is exactly what has happened to Siemens and their SCADA software. SCADA (supervisory control and data acquisition) software is commonly used in utilities and has become a popular target for hackers of all types. For example, the Stuxnet malware is targeting Siemens SCADA software: it searches for certain software and then uses the hard-coded password to get into the access control database. Once this database is accessed, the malware can steal information. Changing the passwords and blocking the malware's attempts may create even bigger issues.

So, what are the lessons learned here?

1) Default passwords are and always will be a major vulnerability.

2) Passwords should not be hardcoded into a system.

3) Passwords should not be shared on online forums, and if they are, the password should be changed immediately!

4) Changing passwords should not cause systems to stop working.
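
Lessons 2 and 4 can be seen together in a short sketch, added here as an illustration and not taken from Siemens or any vendor's code: a client with the password compiled in sits next to one that reads it from a file at connect time, and both are run through a password rotation with a grace window. The `Service` class, the `vendor-default` value and the `db_secret` file name are constructed for the example.

```python
import hashlib, hmac, secrets, tempfile
from pathlib import Path

HARDCODED = "vendor-default"  # constructed value standing in for a published default

def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Service:
    """Constructed stand-in for a database that authenticates client software."""
    def __init__(self, password: str):
        self.salt = secrets.token_bytes(16)
        self.current = _digest(password, self.salt)
        self.previous = None  # old secret, accepted only during a rotation window

    def rotate(self, new_password: str) -> None:
        self.previous, self.current = self.current, _digest(new_password, self.salt)

    def end_grace_window(self) -> None:
        self.previous = None

    def login(self, password: str) -> bool:
        candidate = _digest(password, self.salt)
        accepted = [d for d in (self.current, self.previous) if d is not None]
        return any(hmac.compare_digest(candidate, d) for d in accepted)

def hardcoded_client(service: Service) -> bool:
    return service.login(HARDCODED)  # cannot follow a rotation without a rebuild

def configured_client(service: Service, secret_file: Path) -> bool:
    # Read the secret at connect time so a rotated value is picked up on the next login.
    return service.login(secret_file.read_text(encoding="utf-8").strip())

def rotation_demo() -> dict:
    service = Service(HARDCODED)
    with tempfile.TemporaryDirectory() as tmp:
        secret_file = Path(tmp) / "db_secret"
        secret_file.write_text(HARDCODED, encoding="utf-8")
        new_secret = secrets.token_urlsafe(24)
        service.rotate(new_secret)                            # old and new both accepted
        grace = (hardcoded_client(service), configured_client(service, secret_file))
        secret_file.write_text(new_secret, encoding="utf-8")  # roll the new secret out
        service.end_grace_window()                            # retire the published default
        after = (hardcoded_client(service), configured_client(service, secret_file))
    return {"grace": grace, "after": after}

if __name__ == "__main__":
    print(rotation_demo())
```

Each tuple is (hard-coded client, configured client): both log in during the grace window, and once the old password is retired only the client that reads its secret from outside the code keeps working.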

 

If you work in a utility or organization utilizing SCADA software…be aware and be prepared.
