Vendor Refuses to Remove Backdoor Account That Can Facilitate Attacks on Industrial Firms
The existence of the backdoor account, tracked as CVE-2020-12501, was discovered by SEC Consult in 2020, but it was only made public now, after a lengthy disclosure process that ended with the vendor saying that the account will not be removed.