Information Security News mailing list archives
Hundreds of Orpak gas station systems can be easily hacked thanks to hardcoded passwords
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 3 May 2019 07:27:03 +0000 (UTC)
https://techcrunch.com/2019/05/02/orpak-gas-station-password/ By Zack Whittaker TechCrunch May 2, 2019Homeland Security’s cybersecurity agency says a popular gas station software contains several security vulnerabilities that require “low skill” to exploit.
The advisory, posted by the Cybersecurity and Infrastructure Security Agency (CISA), gave the Orpak SiteOmat software a rare vulnerability severity rating of 9.8 out of 10.
Orpak’s SiteOmat systems monitor the amount of fuel stored in a gas station’s tanks, as well as their temperature and pressure. The software also sets the price of the gas and processes card payments. Its user interface is password protected, preventing unauthorized access to its data or configuration.
According to the advisory, the software contained a hardcoded password set by the manufacturer, which if used would grant unfettered access to the system.
CISA didn’t publish the password. [...]
-- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- Hundreds of Orpak gas station systems can be easily hacked thanks to hardcoded passwords InfoSec News (May 03)