Does your power plant or factory have a hard coded password?

  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in:

    This forum does not automatically send notices of new content. So if, for example, you would like to be notified by mail when Steve posts an update to his blog (or of any other specific activity anywhere else), you need to tell the system what to “Watch” for you. Please checkout the “Tips & Tricks” page for details about that... and other tips!

    /Steve.

Status
Not open for further replies.
P

PHolder

Well-known member
Sep 16, 2020
1,027
2
456
Ontario, Canada
There is no such thing as a safe hard coded password. This one could
really hurt if it gets abused:

arstechnica.com

Hard-coded key vulnerability in Logix PLCs has severity score of 10 out of 10

Critical authentication bypass flaw affects the entire Logix product line.
arstechnica.com arstechnica.com

"tracked as CVE-2021-22681"

Rockwell Automation Logix Controllers (Update A) | CISA

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers Vulnerability: Insufficiently Protected Credentials 2.
us-cert.cisa.gov us-cert.cisa.gov
 
  • Like
Reactions: rfrazier
Status
Not open for further replies.

Similar threads

P
  • Locked
Zyxel hard coded password vulnerability
Replies
1
Views
529
Security
Intuit
I
J
Use a max length password.... or not?
Replies
2
Views
235
Security
PHolder
P
A
  • Locked
Keep a close watch on your Kia or Hyundai
Replies
3
Views
497
Security
SeanBZA
S
J
  • Locked
Is there a local-system-only (Win/IOS/Mac) password manager that is Yubikey (or similar) capable?
Replies
12
Views
1K
Security
PHolder
P
Lob
The Crapola Hall of Shame: Sites with myopically weak or dumb password limitations
Replies
5
Views
313
Security
Darcon
D
Top Bottom