Martin's selection of few interesting IT Security, Privacy, and free tools from the Net: User credentials stored in plaintext in GmbH Nova-Wind Turbine - Can cause a loss of power for all attached systems

Wednesday, June 17, 2015

User credentials stored in plaintext in GmbH Nova-Wind Turbine - Can cause a loss of power for all attached systems

Lazy programmer + Bad Tester (if there was any testing at all)

From the article:

Researcher Maxim Rupp discovered the vulnerability in the Nova-Wind Turbine HMI and reported it to the vendor. However, the vendor has been unresponsive

The vulnerability results from the fact that the software stores user credentials in plain text.

“Successful exploitation of this vulnerability allows the ID to be retrieved from the browser and will allow the default ID to be changed. This exploit can cause a loss of power for all attached systems,” an advisory from ICS-CERT says.

For more details:
https://threatpost.com/plaintext-credentials-threaten-rle-wind-turbine-hmi/113354

Martin's selection of few interesting IT Security, Privacy, and free tools from the Net

Wednesday, June 17, 2015

User credentials stored in plaintext in GmbH Nova-Wind Turbine - Can cause a loss of power for all attached systems

No comments:

Post a Comment

Popular Posts

Categories

Blog Archive