KAKO HMI Hard-coded Password

NCCIC/ICS-CERT is aware of a public report of a hard-coded password vulnerability, with proof-of-concept (PoC) exploit code, affecting KAKO HMI products. According to this report, the password is easily found in the client code. This report was released before coordination could be completed with the vendor and ICS-CERT. ICS-CERT has notified the affected vendor of the report and has asked the vendor to confirm the vulnerability and identify mitigations. ICS-CERT is issuing this alert to provide early notice of the report and to identify baseline mitigations for reducing the risk from these and other cybersecurity attacks.
Source: US-CERT ICS Alerts