DIVD-2022-00005 - Exposed BACnet devices
|Case lead||Ruben Uithol|
|Recommendation||Restrict access to public BACnet ports or implement BACnet/SC (Secure Connect).|
|Last modified||12 Aug 2022 11:21|
During the Log4j crisis, researchers uncovered BACnet devices with open ports. Upon further investigation, more devices were found running the BACnet protocol.
What you can do
- End users should restrict access to BACnet controllers. Ensure that only dedicated building management systems can access these HVAC systems. If your system is managed by an outside contractor, provide remote access through a VPN, and prevent the controller from reaching any corporate or control-system machinery. This reduces the likelihood of such a controller being used as a pivot point for attackers to fan out within a network.
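One way to check that this restriction holds in practice is to audit flow records from the controller network. The script below is an added example, not DIVD code. The site layout, addresses and the "src dst proto dport" record format are constructed assumptions, and UDP 47808 is the default BACnet/IP port, which the case page does not state.

```python
import ipaddress

BACNET_PORT = 47808  # default BACnet/IP UDP port (0xBAC0)

# Assumed site layout, constructed for this example.
CONTROLLERS = ipaddress.ip_network("10.20.0.0/24")  # HVAC controllers
BMS_HOSTS = {ipaddress.ip_address("10.20.1.10")}    # dedicated BMS server
VPN_POOL = ipaddress.ip_network("10.99.0.0/24")     # contractor VPN clients
CORPORATE = ipaddress.ip_network("10.0.0.0/16")     # office network

# Constructed flow records: "src dst proto dport"
SAMPLE_FLOWS = """\
10.20.1.10 10.20.0.5 udp 47808
10.99.0.7 10.20.0.5 udp 47808
203.0.113.44 10.20.0.5 udp 47808
10.0.3.21 10.20.0.6 udp 47808
10.20.0.5 10.0.3.21 tcp 445
10.20.0.6 10.20.1.10 udp 47808
not a flow record
"""


def audit_flows(text):
    """Return (line_number, finding) for each record that breaks the policy."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            src_s, dst_s, proto, dport_s = line.split()
            src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
            dport = int(dport_s)
        except ValueError:
            findings.append((n, "unparsable"))  # never skip bad input silently
            continue
        # Inbound BACnet is allowed only from the BMS or the contractor VPN.
        to_bacnet = (dst in CONTROLLERS and proto.lower() == "udp"
                     and dport == BACNET_PORT)
        if to_bacnet and src not in BMS_HOSTS and src not in VPN_POOL:
            findings.append((n, "bacnet-from-unapproved-source"))
        # A controller reaching the office network is a possible pivot path.
        if src in CONTROLLERS and dst in CORPORATE:
            findings.append((n, "controller-to-corporate"))
    return findings


if __name__ == "__main__":
    for n, finding in audit_flows(SAMPLE_FLOWS):
        print(f"line {n}: {finding}")
```

A clean audit returns an empty list; any finding points at a firewall rule that is broader than the recommendation allows.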
What we are doing
- DIVD is monitoring the trend of publicly accessible BACnet devices.
- DIVD is informing hosts of their open BACnet devices.
|22 Dec 2021||Discovery of open BACnet devices.|
|05 Jan 2022||Scanning the public interface to collect instances.|
|29 Jan 2022||Case Opened|
|08 Feb 2022||DIVD starts first round of notifications.|
Timeline chart: DIVD-2022-00005 - Exposed BACnet devices (still open), with the events above as milestones.