Scary stuff from Dan Goodin … Secret account in mission-critical router opens power plants to tampering:
The branch of the US Department of Homeland Security that oversees critical infrastructure has warned power utilities, railroad operators, and other large industrial players of a weakness in a widely used router that leaves them open to tampering by untrusted employees.
The line of mission-critical routers manufactured by Fremont, California-based GarrettCom contains an undocumented account with a default password that gives unprivileged users access to advanced options and features, Justin W. Clarke, an expert in the security of industrial control systems, told Ars. The "factory account" makes it possible for untrusted employees or contractors to significantly escalate their privileges and then tamper with electrical switches or other industrial controls that are connected to the devices.
GarrettCom boxes are similar to regular network routers and switches except that they're designed to withstand extreme heat and cold, as well as dry, wet, or dusty conditions.