Best Practices for Password Management in Industrial Automation

The Risks of "All PLC & HMI Password Unlock Tools": What Every Automation Engineer Should Know

The tools available in the public domain generally fall into two categories:

The primary danger of downloading these tools is the high probability of infecting your industrial network with malware. In July 2022, the industrial cybersecurity company Dragos published research on a threat actor distributing "password recovery" software for 15 major vendors (Omron, Siemens, Mitsubishi, Rockwell, etc.). While the tool successfully exploited a vulnerability (CVE-2022-2003) to retrieve a password, it also quietly installed the Sality malware in the background.

Delta allows a complete memory clear via software to reset the password, but the original logic cannot be recovered.

Is the machine currently , or is it down for maintenance?

: Store all PLC and HMI passwords in an encrypted enterprise password manager accessible only to authorized personnel.

This site uses cookies to offer you a better browsing experience. By browsing this website, you agree to our use of cookies.