Default Credentials

Description

Adversaries may leverage manufacturer or supplier set default credentials on control system devices. These default credentials may have administrative permissions and may be necessary for initial configuration of the device. It is general best practice to change the passwords for these accounts as soon as possible, but some manufacturers may have devices that have passwords or usernames that cannot be changed.

Products, Sensors, and Dependencies

ProductDependenciesData sourceAccess requiredProtocolData CollectedNotes
Tenable Vulnerability ManagementComputerActive vulnerabilities detected by Tenable Vulnerability Management plugins
Tenable OT SecurityOT DeviceActive vulnerabilities detected by detected by Tenable OT Security plugins

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Lateral Movement

Sub-Technique: Default Credentials

Platform: OT

Tenable Release Date: 2024 Q2