There is a report of a hardcoded password vulnerability affecting Daktronics Vanguard highway notification sign configuration software, according to a report on ICS-CERT.
The remotely exploitable vulnerability is a hardcoded password that could allow unauthorized access to the highway sign. This report came to ICS-CERT via the Federal Highway Administration.
ICS-CERT informed the affected vendor and asked to confirm the vulnerability and identify mitigations. ICS-CERT issued a report to provide early notice and identify baseline mitigations for reducing risks to these and other cyber security attacks.
Proof of Concept is publicly available. ICS-CERT recommends entities to review sign messaging, update access credentials, and harden communication paths to the signs.
ICS-CERT is currently coordinating with the vendor and researcher to identify mitigations.