HackDig : Dig high-quality web security articles for hacker

ELNet Energy & Electrical Power Meter - Mulitple Vulnerabilities

2016-09-09 04:45
*ELNet **Energy & Electrical Power Meter - Mulitple Vulnerabilities*


http://elnet.feniks-pro.com/Elnet-LT.php

http://www.elnet.cc/product/elnet-lt/


Powermeter with color graphic display for all electrical measurements and
harmonics, with TCP/IP and RS485 communication (ModBus and Bacnet), panel
mounted 96X96 mm.


*Product Description*

General

Simple operated menus.

- Multilingual support.
- Up to One year of energy data logging.
- Displays up to 64th Harmonic in Waveform or Graphic.
- 1600 samples per cycle.
- Accuracy 0.2 %.
- Accuracy 0.1% with special calibration, that can be ordered.
- Build in T.O.U. Energy meter.
- RS485 Communication Port (MODBUS, Bacnet MS/TP).
- State of the art Graphic LCD
- Modern 320 x 240 LCD display.
- Displays of Waveform and Bar graph.
- Simple installation- Panel mounted. Dimension: 96×96 mm.
- Flash memory stores 6 months of energy.


- TCP/IP communication port + WEB server
- BacNet TCP/IP

*Standard approvals:*

IEC 62053-22, IEC 62053-23, IEC 62052-11


Large consumers of electricity e.g. factories, hotels, hospitals,
municipalities, need to know the history of their consumption and the
quality and the values of the power supply. Details such as Voltage,
Current, Power Factor, Hertz, Neutral Current, Energy consumption can be
displayed by the ELNet LT

Energy & Powermeter.


An additional feature of the Powermeter is the ability to measure
Harmonics. Part of the Electricity Supply Authority’s bill reflects poor or
good Harmonics in the consumer’s system, therefore it is in his interest to
monitor Harmonics and try to improve it.


The ELNet LT Energy & Powermeter is a compact, multi functional, three-phase
Powermeter simple to install and is especially designed to integrate into
Building Management Systems. It requires no special mounting and is ideally
suited for mounting on the front face of any standard electrical panel.


The Configuration and Setup is menu driven, with password protection.


+++++


*Vulnerabilities*


1. *Unauthenticated Web Management access*

ELNet power meters can be managed via Java applet over a web browser. Meter
console and all its functions are accessible.


By default, no authentication is required to access the web console.



*2. Weak Credential Management*

In order to perform certain specific functions in ELNet power meters,
passwords are required. These passwords are, really just a formality.


For example:


Default password code to access Technical Menu for device configuration is –

1 (One)


*Default password – 6474*

- To reset I,V,F Peak Values

- To display /reset power peak value


+++++

It appears that password/code functionality is implemented for the sake of
getting the compliance check-list ticked.


Not only the default passwords are poor/weak, the system does not have a
mechanism to enforce a mandatory password change.


3. *Password Recovery Functionality*


But what if, just what if, someone does want security and changes the
default passwords, and forgets/lose them??


According to vendor:

*It is not recommended to forget your new passwords.*


The manual also doesn't seem to document Password Recovery either.


+++++

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/


Source: 9/peS/6102/erusolcsidlluf/gro.stsilces

Read:4390 | Comments:0 | Tags:No Tag

“ELNet Energy & Electrical Power Meter - Mulitple Vulnerabilities”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud