Today the DHS ICS-CERT published an alert for a hard coded credential in the Daktronics Vanguard software used in automated highway message signs. The Federal Highway Administration notified ICS-CERT of the vulnerability. The ICS-CERT advisory notes that a “Proof of Concept is known to be publicly available”, though I can’t find any mention of it in a Google® search.
Okay, this is a control system within the broadest bounds of the definition, but I sure hope that ICS-CERT folks are not spending very much time on it. Sure someone could change a message one or more of these signs and cause some confusion and maybe (a stretch) an accident, but this is hardly critical infrastructure stuff here.