Stay updated on the latest news from
the makers of Nexus
Secret Account In Mission-Critical Router Opens Power Plants To Tampering
by Ali Loney on September 04, 2012

Tags: security, AppSec Spotlight

Ars Technica – (International) Secret account in mission-critical router opens power plants to tampering. DHS’ Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned power utilities, railroad operators, and other large industrial players of a weakness in a widely used router that leaves them open to tampering by untrusted employees. The line of mission-critical routers manufactured by Fremont, California-based GarrettCom contains an undocumented account with a default password that gives unprivileged users access to advanced options and features, an expert in the security of industrial control systems told Ars Technica. The ―factory account‖ makes it possible for untrusted employees or contractors to significantly escalate their privileges and then tamper with electrical switches or other industrial controls that are connected to the devices. ICS-CERT issued an advisory recommending that users of the GarrettCom devices install a security update that locks down the factory account.


Recent Posts

Posts by Topic

see all

Get Blog Updates