[Ics-security] Fwd: US Distribution Only - Medium-[ICS-CERT] ICSA-12-249-02 - WAGO IO 758 Default Linux Credentials

Kelly Mahoney mahoney at jlab.org
Thu Sep 6 08:46:53 EDT 2012 

*** As far as I know, this notification is for distribution in the US 
ONLY.    If you know of colleagues using the WAGO System 758 outside of 
the US please do not forward this message or the link to DHS.   I am 
sure it is OK to have them check with WAGO or their own CERT 
organization for advice and tech support.


  http://www.us-cert.gov/control_systems/pdf/ICSA-12-249-02.pdf


A PR search did not turn up WAGO controllers in the JLab PR system. 
However, I know for a fact that these are used in some EPICS 
installations around the world because they run Linux.    It is also 
possible that they are installed as OEM equipment in things like power 
supplies and magnet controllers.

It is often the case that an early alert on a specific product also 
applies to a broader line of products from the same manufacturer or 
rebranded models from the same OEM.   Similarly, the OS is almost always 
a third part product.


Two other messages:
1.) Before buying programmable controllers, smart cards, PC104's, smart 
panels etc... verify with the manufacturer that there are no hard coded 
log-in credentials.  (And always keep a copy of the password(s) in a 
secure location).
2.) Make sure you change default log-in credentials on any equipment you 
manage.

Kelly Mahoney



-------- Original Message --------
Subject: 	Medium-[ICS-CERT] ICSA-12-249-02 - WAGO IO 758 Default Linux 
Credentials
Date: 	Wed, 5 Sep 2012 17:35:17 -0400 (EDT)
From: 	ICS CERT (CS) <notifications at espgroup.net>
Reply-To: 	ics-cert at dhs.gov
To: 	mahoney at jlab.org



ICS-CERT has released the Advisory titled ICSA-12-249-02 - WAGO IO 758 Default Linux Credentials, that can be accessed at www.ics-cert.org or directly through the following link:
  
  http://www.us-cert.gov/control_systems/pdf/ICSA-12-249-02.pdf
  
  



-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.jlab.org/pipermail/ics-security/attachments/20120906/6c98edd9/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mahoney.vcf
Type: text/x-vcard
Size: 203 bytes
Desc: not available
Url : https://mailman.jlab.org/pipermail/ics-security/attachments/20120906/6c98edd9/attachment.vcf

More information about the ICS-Security mailing list