Security News > 2016 > March > Weak default credentials, command injection bug found in building operation software (Help Net Security)

A vulnerability in servers programmed with Schneider Electric’s StruxureWare Building Operation software can be exploited by a low-skilled, remote attacker to gain access to the servers and make changes that could affect a building’s security. What’s more, the software was also shipped with weak default user credentials that administrators weren’t required to change when setting up the system. StruxureWare Building Operation software provides integrated monitoring, control and management of energy, HVAC, lighting and fire safety. … More →

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/hNZ7lQG8MGM/