ICS/SCADA researchers leak default passwords of popular industry systems


Russian Industrial Controls Systems Supervisory Control and Data Acquisition (ICS/SCADA) researchers posted a list of industrial products that ship with default passwords in an effort to urge vendors to implement better security controls, a move some feel could cause more harm than good.

Jonathan Sander, vice president of product strategy at Lieberman Software told SCMagazine.com that “anyone finding themselves at risk for having default passwords needs to look in the mirror” because some of the fault falls on the IT professional who didn't change the credentials after purchasing the systems.

Sander said the product list and password dump may cause some companies to take inventory and secure vulnerable systems but added it also created new and unnecessary risks to the companies because it exposes them while they try to identify whether or not their systems are protected by a weak password.