It has been reported that Homeland Security’s cybersecurity agency says a popular gas station software contains several security vulnerabilities that require “low skill” to exploit. The advisory, posted by the Cybersecurity and Infrastructure Security Agency (CISA), gave the Orpak SiteOmat software a rare vulnerability severity rating of 9.8 out of 10. According to the advisory, the software contained a hardcoded password set by the manufacturer, which if used would grant unfettered access to the system.
https://twitter.com/zackwhittaker/status/1124040208259977217
Expert Comments:
Sam Curry, Chief Security Officer at Cybereason:
“Sadly, these latest headlines should not be a surprise to anyone because these weaknesses are in place and they are everywhere. That’s not an excuse. This is a wake up call to take security seriously, early and often. Hard coded passwords are inexcusable, and lack of vulnerability and patch processes and mechanisms no less so. This can be fixed if Orpak cares enough to exercise its muscle and use its clout on its suppliers. If not, we may all suffer. It will take time to get to a better place, but its suppliers should be terrified right now. Imagine a world where disaster has happened because of this. After incidents there are only heroes and villains in the corporate world. You don’t get to say poor me… I’m the victim here. And if you knew ahead of time and did nothing, guess which role you will get assigned by the media and history? Assuming you want to be a hero, act now and from now on.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.