Security vulnerabilities have been discovered in industrial control systems (ICS) gear from Rockwell Automation and Johnson Controls. The bugs could allow an attacker to gain access to sensitive project file information, including passwords. They also include the use of a broken or risky algorithm for password protection; use of client-side authentication; and cleartext storage of sensitive information. A similar bug was discovered in Johnson Controls Kantech EntraPass product, which is a physical security door platform used for access control at industrial environments.
Source: https://threatpost.com/critical-bugs-in-rockwell-johnson-controls-ics-gear/153602/