The Register® — Biting the hand that feeds IT


Insecure SCADA kit has hidden factory account, password

Dept. of Homeland Security urges instant upgrade


Cylance’s Justin Clarke has tagged another SCADA maker for default insecurity, discovering a hidden factory account – complete with hard-coded password – in switch management software made by Belden-owned GarrettCom.

As the Department of Homeland Security's ICS-CERT advisory (PDF) notes, the company’s Magnum MNS-6K management application allows an attacker to gain administrative privileges over the application and therefore the SCADA switches it manages.

The advisory states that a patch issued in May removed the vulnerability. However, since the vendor’s patch notice didn’t document the change, it’s possible that customers may not yet have implemented it.

Since GarrettCom claims “75 percent of the top 100 power utilities in North America” among its customers, the patch might be regarded as important.

Clarke seems to have struck a rich seam looking for undocumented insecurities in SCADA kit. In April, he sniffed out a similar default account vulnerability in RuggedCom kit, following it up in August with the discovery that the same vendor had a hard-coded RSA key in its switches.

Cylance’s advisory about the vulnerability says that the factory account is only intended for use over the local console port. However, while not documenting the process, the company says it’s possible for someone logged in via a guest account (which wouldn’t be restricted to the serial port) to get themselves escalated to the factory account. ®


Re: Backdoors have a reason

"The dude who knew all the passwords died ....."

That's all down to adequate and well maintained company procedures and records, which are often inadequate even if they've been thought about.

Good call on the 'service button'.

6
0

Re: Backdoors have a reason

Often they are on their own private network, but then you'll get a PC that needs to bridge two networks so it has access to both, and potential holes are created.

4
0

Re: Backdoors have a reason

"Good call on the 'service button'."

Been doing that kind of thing long before the days of the internet.

Dial up access to site with full control of SCADA and PLC. To prevent anyone guessing the number, the modem was left disconnected and only plugged in when site requested help and we told them to plug/unplug it.

3
0
