Skip to content

T0812 Default Credentials

Adversaries may leverage manufacturer or supplier set default credentials on control system devices. These default credentials may have administrative permissions and may be necessary for initial configuration of the device. It is general best practice to change the passwords for these accounts as soon as possible, but some manufacturers may have devices that have passwords or usernames that cannot be changed. 1

Default credentials are normally documented in an instruction manual that is either packaged with the device, published online through official means, or published online through unofficial means. Adversaries may leverage default credentials that have not been properly modified or disabled.

Item Value
ID T0812
Tactics TA0109
Platforms Control Server, Engineering Workstation, Field Controller/RTU/PLC/IED, Human-Machine Interface, Safety Instrumented System/Protection Relay
Version 1.0
Created 21 May 2020
Last Modified 09 March 2023


ID Mitigation Description
M0801 Access Management Ensure embedded controls and network devices are protected through access management, as these devices often have unknown default accounts which could be used to gain unauthorized access.
M0927 Password Policies Review vendor documents and security alerts for potentially unknown or overlooked default credentials within existing devices


ID Data Source Data Component
DS0028 Logon Session Logon Session Creation
DS0029 Network Traffic Network Traffic Content