Vendor: Echelon Corporation
Many of their products come with a default login and password. From one of the manuals:
If a login dialog appears, enter ilon for both the User Name and the Password and then click OK.
I confirmed this works for the following products:
i.LON 600 LonWorks/IP Server
i.LON 100e4 Internet Server
i.LON SmartServer 2.0
i.LON SmartServer – Echelon Building Energy Management Solution
Not sure but that last one sounds like it is SCADA. Since ICS-CERT took the disclosure case and did not dismiss it, I guess it is considered SCADA.
Reported to ICS-CERT: 2013-04-10
ICS-CERT ICS-VU-138910 Assigned: 2013-04-10
ICS-CERT closes issue, vendor says password is changeable: 2013-0-10
Followup – I understand a password is changeable, but the fact is the people using these systems aren’t doing it! Vendors need to make the install process force a password change, so that a default password is NOT possible!