The Department of Homeland Security (DHS) issued a security alert Monday for an Ethernet add-on for the Schneider Electric Quantum programmable logic controller (PLC). Such controllers can be used to help manage industrial processes inside everything from physical manufacturing plants and printing presses to prisons and power plants.

According to the DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), which released the alert Monday, the Schneider Electric Quantum Ethernet Module contains multiple, hardcoded credentials, which means that an attacker could use them to bypass the device’s built-in authentication mechanism and access the module’s functions.

via InformationWeek Government, continued here.