New security caveats on NetBotz "BotzWare" 4.7

DCIM_Support · ‎2020-07-06

This question was originally posted on DCIM Support by Steven Marchetti on 2019-12-16

Hi all, I just wanted to share some important info on the 4.7 release of BotzWare. This will come into play on any new NetBotz device or any device running 4.7 that is reset to defaults:

Product Line:

NetBotz

Environment:

NetBotz version 3, NBWL0355, NBRK0450, NBWL0455, NBRK550, NBRK570

With the introduction of new California State legislation (SB-327), which comes into effect from January 1st, 2020, any manufacturer of a device that connects “directly or indirectly” to the internet must equip it with “reasonable” security features, designed to prevent unauthorized access, modification, or information dis-closure. APC by Schneider Electric (APC) network-enabled devices firmware is updating in compliance with this legislation.

The following are the overview of changes which will come into effect with this new Botzware 4.7.0 version. Please communicate to your FSR team members who deals Netbotz configuration in the field.

1. WEB access will be OFF by default -> the customer will need to login via the USB console using root/apc and setup a new password which will then enable HTTPS access only

>They will then be able to login via HTTPS using the apc username and the new password they just set

2. The serial config utility will no longer work – will need to use a terminal program instead

Warning: system login through this interface without direction

from NetBotz Support will void your warranty.

netbotzDD3A7B login: root

Password:

Linux (none) 2.6.12 #307 Tue Jul 9 12:11:47 EDT 2019 ppc unknown

Welcome to NetBotz BotzWare V4.7.0

***************************************************************************

* To increase security, initial access to new NetBotz appliances has been *

* limited to this command console. *

* Once the Root password is set here, you can access the WEB UI and *

* use Advanced View and Data Center Expert to configure the appliance. *

* Only HTTPS (TCP port 443) will be enabled at that time *

***************************************************************************

New password:

Retype new password:

Thanks,

Steve

DCIM_Support · ‎2020-07-06

This comment was originally posted on DCIM Support by Steven Marchetti on 2019-12-17

Just an FYI, this only effects a new install or an appliance that's been reset to defaults. Devices upgraded from earlier versions will not have these changes to the protocols or require password changes.

DCIM_Support · ‎2020-07-06

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.

New security caveats on NetBotz &quot;BotzWare&quot; 4.7

New security caveats on NetBotz "BotzWare" 4.7

New security caveats on NetBotz "BotzWare" 4.7