Skip to the content.

DIVD-2022-00005 - Exposed BACnet devices

Our reference DIVD-2022-00005
Case lead Ruben Uithol
Researcher(s)
CVE(s)
  • n/a
Product BACnet
Versions any
Recommendation Restrict access to public BACnet ports or implement BACnet/SC (Secure Connect).
Status Open
Last modified 12 Aug 2022 09:21

Summary

During the Log4J crisis, researchers uncovered BACnet devices with open ports. Upon further investigation, more devices have been found running the BACnet protocol.

What you can do

What we are doing

Timeline

Date Description
22 Dec 2021 Discovery of open BACnet devices.
05 Jan 2022 Scanning the public interface to collect instances.
29 Jan 2022 Case Opened
08 Feb 2022 DIVD starts first round of notifications.
gantt title DIVD-2022-00005 - Exposed BACnet devices dateFormat YYYY-MM-DD axisFormat %e %b %Y section Case DIVD-2022-00005 - Exposed BACnet devices (still open) :2022-01-29, 2022-10-04 section Events Discovery of open BACnet devices. : milestone, 2021-12-22, 0d Scanning the public interface to collect instances. : milestone, 2022-01-05, 0d Case Opened : milestone, 2022-01-29, 0d DIVD starts first round of notifications. : milestone, 2022-02-08, 0d

More information