SoylentNews

VanderDecken [soylentnews.org] writes:

The Register reports that Advantech EKI series of Modbus-to-TCP gateways have been shipping with a modified SSH daemon that will accept any username and password for authentication [theregister.co.uk]. The devices, which are commonly used in SCADA applications for connecting remote devices to supervisory computers, were previously reported for other vulnerabilities Shellshock and Heartbleed.

In addition to the above problem, a hardcoded debugging username/password was also apparently left in the firmware and active.

Original Submission