A reported vulnerability in sign messaging software can be mitigated by changing the default password upon installation.

A public report describes a hardcoded password vulnerability affecting Daktronics Vanguard highway dynamic message sign (DMS) configuration software, according to ICS-CERT.

According to this report, the vulnerability is a hardcoded password that could allow unauthorized access to the highway sign.

The report came to ICS-CERT from the Federal Highway Administration. ICS-CERT notified the affected vendor of the report and has asked the vendor to confirm the vulnerability and identify mitigations.

The vendor, Daktronics, said the software does not have a hardcoded password, but it does have a default password the user can change upon installation.

A proof of concept is publicly available. ICS-CERT recommends that entities review sign messaging, update access credentials, and harden communication paths to the signs.

Daktronics and the Federal Highway Administration recommend the following:
• Displays should not be on publicly accessible IP addresses. Placing a display on a private network or VPN helps mitigate the lack of security.
• Disable the telnet, webpage, and web LCD interfaces when not needed.
• Change the default password to a strong password as soon as possible on all installed devices.
