Lazy programmer + Bad Tester (if there was any testing at all)
From the article:
Researcher Maxim Rupp discovered the vulnerability in the Nova-Wind Turbine HMI and reported it to the vendor. However, the vendor has been unresponsive
The vulnerability results from the fact that the software stores user credentials in plain text.
“Successful exploitation of this vulnerability allows the ID to be retrieved from the browser and will allow the default ID to be changed. This exploit can cause a loss of power for all attached systems,” an advisory from ICS-CERT says.
For more details:
https://threatpost.com/plaintext-credentials-threaten-rle-wind-turbine-hmi/113354
No comments:
Post a Comment