“A sophisticated new piece of malware that targets command-and-control software installed in critical infrastructures uses a known default password that the software maker hard-coded into its system. The password has been available online since at least 2008, when it was posted to product forums in Germany and Russia.

The password protects the database used in Siemens’ Simatic WinCC SCADA system, which runs on Windows operating systems. SCADA, short for ‘supervisory control and data acquisition,’ systems are programs installed in utilities and manufacturing facilities to manage the operations. SCADA has been the focus of much controversy lately for being potentially vulnerable to remote attack by malicious outsiders who might want to seize control of utilities for purposes of sabotage, espionage or extortion.”

(SCADA System’s Hard-Coded Password Circulated Online for Years | Threat Level | Wired.com)