I'm going to bet these use windows iot as the operating system, because, that's what fucking retards in the US build their embedded systems with. Fucking windows.
That being said, one can extract ntlm hashed passwords from a machine, provided physical access, relatively trivially by just examining a few hives on disk
As far as cracking the passwords go, that's doable. A decent rig with only 2 gtX 1080 should be able to pull around 100million hashes a second.
If you have an industrial rig, it should take about 1-2 hours to guess every possible password In an 8-char password...
If you are using a password dictionary, ie, not purely brute force techniques, but using a list of actual passwords, you should he able to hit entire gb-length lists in a matter on minutes.
This doesn't quite mean they -will- be able to guess the password Ina reasonable length of time though... A 24 char password, pure brute force, likely wouldnt be guessed in the age of the earth.
Does dominion seriously claim that they don't have access to their own
sccm configuration files they used for provisioning the devices?