Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Researchers Out Default Passwords Packaged With ICS/SCADA Wares
Newest First  |  Oldest First  |  Threaded View
fred.gordy
fred.gordy,
User Rank: Apprentice
1/14/2016 | 10:07:26 AM
Building Control System Integrator Perspective
I come from the BMS (building management systems)/FMS (facility management systems) space and tyically we are rolled into ICS/SCADA.  While a close fit, it is not an exact fit.  Our communtiy is trying to design and implement control systems securely.  However, older systems, for the most part, are forgotten.  It is these systems that this list impacts greatly.  Too many of us left behind default username and passwords as well leaving ports set to the default port.  This article emphasizes the need for us, the BMS/FMS integrators, to reach out to our installed customer base and at lease let them know that these systems need have the default settings changed.
Kelly Jackson Higgins
Kelly Jackson Higgins,
User Rank: Strategist
1/6/2016 | 4:37:11 PM
Re: Acronyms
Thank you for sharing this, @Dave. I will definitely keep that in mind for future stories.
DaveS074
DaveS074,
User Rank: Apprentice
1/6/2016 | 3:53:37 PM
Acronyms
This was a very interesting article but I have one peeve, usage of acronyms w/o spelling out their full name at the first use. Given how technical the article is I believe it's necessary (and proper manual of style). Given my casual interest I had to look up quite a few. Otherwise, nice article.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Promise and Reality of Cloud Security
Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises address the associated security risks. This report - a compilation of cutting-edge Black Hat research, in-depth Omdia analysis, and comprehensive Dark Reading reporting - explores how cloud security is rapidly evolving.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-24157
PUBLISHED: 2023-02-03
A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVE-2023-24151
PUBLISHED: 2023-02-03
A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVE-2023-24152
PUBLISHED: 2023-02-03
A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVE-2023-24153
PUBLISHED: 2023-02-03
A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVE-2023-24154
PUBLISHED: 2023-02-03
TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.