The Stuxnet worm appears to have been designed specifically to exploit a weakness in a particular SCADA control software package. The vulnerability itself is as elementary as it comes: a hard-code password built into the WinCC SCADA system produced by Siemens. Siemens officials have said that they are advising customer not to change the password, because it could affect the system s stability and operation. The attackers behind St.uxnet clearly knew about the vulnerability in the Siemens WinCC system before the malware was written.
Source: https://threatpost.com/stuxnet-may-be-new-new-thing-malware-072210/74245/

