GradeZero Music Band

Wednesday, July 25, 2012

WinCC default password: 7 years long story

Siemens recently published advisory about vulnerability in WinCC. Default hardcoded MS SQL passwords ('WinCCConnect/2WSXcder', 'WinCCAdmin/2WSXcde.')was used by StuxNet worm for infection. This vulnerability was fixed long time ago in SIMATIC WinCC V7.0 SP2 Update 1 (V 7.0.2.1). Current patchlevel for WinCC is V7.0 SP3 Update 2. Looks like this is kindly reminder.
JFYI, this vulnerability wide known for 7 years from May 2005. First time it published on Siemens forum and publicly disclosed in April 2008.

Link and screenshot for history: http://iadt.siemens.ru/forum/viewtopic.php?p=2974



So correct credits for advisory: Max Prilepsky & Cyber.

PS. Mikko - perfect Cyrillic screen for you slides!

PPS. AC/DC? No way!

No comments:

Post a Comment