“The line of mission-critical routers manufactured by Fremont, California-based GarrettCom contains an undocumented account with a default password that gives unprivileged users access to advanced options and features, Justin W. Clarke, an expert in the security of industrial control systems, told Ars. The ‘factory account’ makes it possible for untrusted employees or contractors to significantly escalate their privileges and then tamper with electrical switches or other industrial controls that are connected to the devices.”
Source: Secret account in mission-critical router opens power plants to tampering | Ars Technica