1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Weak default credentials, command injection bug found in building operation software

Discussion in 'Help Net Security' started by RSS, Mar 2, 2016.

  1. RSS

    RSS New Member Member

    A vulnerability in servers programmed with Schneider Electric’s StruxureWare Building Operation software can be exploited by a low-skilled, remote attacker to gain access to the servers and make changes that could affect a building’s security. What’s more, the software was also shipped with weak default user credentials that administrators weren’t required to change when setting up the system. StruxureWare Building Operation software provides integrated monitoring, control and management of energy, HVAC, lighting and fire safety. … More →

    Continue reading...
     

Share This Page