Welcome to the new Schneider Electric Community

It's your place to connect with experts and peers, get continuous support, and share knowledge.

  • Explore the new navigation for even easier access to your community.
  • Bookmark and use our new, easy-to-remember address (community.se.com).
  • Get ready for more content and an improved experience.

Contact SchneiderCommunity.Support@se.com if you have any questions.

Close
Invite a Co-worker
Send a co-worker an invite to the Exchange portal.Just enter their email address and we’ll connect them to register. After joining, they will belong to the same company.
Send Invite Cancel
84563members
353833posts

Ethernet Gateway (Link150/ EGX150) HTTPS?

Gateways and Energy Servers

Get expert answers to your questions regarding Schneider Electric Gateways & Energy Servers, from product selection to implementation and troubleshooting. Collaborate with a global community of experts and peers, get support and share your experiences by subscribing to the Schneider Electric Community Gateways and Energy Servers forum today.

Solved
Darren_Pearce
Lieutenant | EcoXpert Master Lieutenant | EcoXpert Master
Lieutenant | EcoXpert Master
14
651

Ethernet Gateway (Link150/ EGX150) HTTPS?

Hi All,

 

I had a coversation during a site visit yesterday, where the customer was telling me the Link150/EGX150 was due a firmware update, to enable the web interface to be HTTPS.

 

Can anyone confirm if this is a current task in the roadmap for the current hardware.

 

Or

 

If a new hardware version of the Link150/EGX150 would have to be launched to enable the protocol?

 

We have many of these devices on sites and often have the question raised if all the hardware supports HTTPS.

 

Regards

 

Darren


Accepted Solutions
Asif_Choudhury
Schneider Alumni (Retired)
Schneider Alumni (Retired)
0 Likes
0
548

Re: Ethernet Gateway (Link150/ EGX150) HTTPS?

When HTTPS is enabled, EGX150 will stop communicating over HTTP and port 80 will not be used.

See Answer In Context

14 Replies 14
FirdousKhan
Community Alumni (Retired)
Community Alumni (Retired)
0 Likes
1
639

Re: Ethernet Gateway (Link150/ EGX150) HTTPS?

Hi the community members can you help this member on this topic please?

 

@Romain_Polette   do you think you can advise on this topic?

 

@Darren_Pearce  , in the meantime, please check the Knowledge base, maybe you can find useful information.

 

But if you still in the same situation please do not hesitate to inform us here.

 

Have a nice day.

Best,
Firdous - Animation and Moderation Exchange Community Team
Randi_Dolan
Commander Commander
Commander
0 Likes
1
636

Re: Ethernet Gateway (Link150/ EGX150) HTTPS?

Hi

 

The Link 150/EGX150 team does not monitor this board.  The best way to obtain this information would be to go through the Customer Care Center and have them contact the product team.

 

Regards,

Randi

Romain_Polette
Sisko Sisko
Sisko
0 Likes
0
632

Re: Ethernet Gateway (Link150/ EGX150) HTTPS?

Hello @FirdousKhan , 

 

Dedicated thread here : https://community.exchange.se.com/t5/Gateways-and-Energy-Servers/Link-150-New-Firmware-Release-Avail...

 

Darren is closely following the topic.

Thanks.

Romain POLETTE - Solution architect - France Operation
Intencity - Grenoble - France
Darren_Pearce
Lieutenant | EcoXpert Master Lieutenant | EcoXpert Master
Lieutenant | EcoXpert Master

Re: Ethernet Gateway (Link150/ EGX150) HTTPS?

Hi,

 

I new firmware was released for the Link150 which includes HTTPS however the function of disabling the HTTP access does not exist, leaving a vulnarability.

 

Regards

 

Darren

Randi_Dolan
Commander Commander
Commander

Re: Ethernet Gateway (Link150/ EGX150) HTTPS?

From the Link150 Team:

 

An official firmware had been released on 3rd week of December 2019 which has default enabled by HTTPS
For existing customer then can upgrade the firmware and it is available in se.com with FW 005.001.015

Regards,

Randi

Darren_Pearce
Lieutenant | EcoXpert Master Lieutenant | EcoXpert Master
Lieutenant | EcoXpert Master
0 Likes
8
616

Re: Ethernet Gateway (Link150/ EGX150) HTTPS?

Randi,

 

Yes the new firmware was released for the Link150 which includes HTTPS however the function of disabling the HTTP access does not exist, leaving a vulnarability.

 

Does the Link150 Team have a response to that?

 

Regards

 

Darren

Asif_Choudhury
Schneider Alumni (Retired)
Schneider Alumni (Retired)
0 Likes
7
592

Re: Ethernet Gateway (Link150/ EGX150) HTTPS?

Hi Darren,

I am Asif, product prime in Global Technical Support for Gateways and Com'X. Here is the answer to your question:

When HTTPS mode is activated, all data transacted over HTTP protocol is redirected to HTTPS automatically. In this state, all packets are forwarded to HTTPS port instead of HTTP port.

 

Regards,

Asif

Darren_Pearce
Lieutenant | EcoXpert Master Lieutenant | EcoXpert Master
Lieutenant | EcoXpert Master
0 Likes
6
583

Re: Ethernet Gateway (Link150/ EGX150) HTTPS?

Hi Asif,

 

Thank you for your response and the details you have provided, one question to your information, if the data request is forwarded from the HTTP to the HTTPS port for the request, how is the response correctly returned if it is providing an encripted resonse to a none encripted request?

Is it possible to shutdown port 80 rather than forward this on?

 

As you may be the most appropriate person for this product, can i also ask a question that has bugged me for quite a time with the Link150/EGX150, the device has a RTC i assume, with the menu option to adjust it, why is this not either intergrated to the PME time broadcast to self set, or include NTP settings perhaps?

 

Regards

 

Darren

Asif_Choudhury
Schneider Alumni (Retired)
Schneider Alumni (Retired)
0 Likes
5
575

Re: Ethernet Gateway (Link150/ EGX150) HTTPS?

Hi Darren,

 

Thanks for your questions.

 

If HTTPS is enabled in EGX150, the certificate must be trusted at the customer end. If the customer lacks a certificate from a trusted authority or use HTTP instead of HTTPS, the HTTPS connection must not be enabled inside the EGX150. Cause, this kind of non-ideal communication (EGX150 having HTTPS and the customer using HTTP), leaves Man-in-the-middle type vulnerability in the system.

 

To answer the second part of your question, EGX150 implements neither RTC nor SNTP currently (reference: page 43 of the attached EGX150 User Guide).


One has to set the date and time manually from EGX150's web page as mentioned on the same page.

 

Regards,
Asif

Attachments
Darren_Pearce
Lieutenant | EcoXpert Master Lieutenant | EcoXpert Master
Lieutenant | EcoXpert Master
0 Likes
4
571

Re: Ethernet Gateway (Link150/ EGX150) HTTPS?

Hi Asif,

 

Thanks for your response, however your reply raises more concerns than my initial thoughts.

 

The site this query is based on does have security certificates for the domain, the site has gone through rigorous PEN testing for security too.

While i understand that if we enabled HTTPS access, we would use HTTPS in the browser to connect to the device ourselves, for any setting changes, it does sound by still leaving HTTP enabled and forwarding on the request internally to HTTPS, if a malicious party did carryout actions to create a man-in-the-middle attack, the gateway would be vulnarable to this action?

 

I also did believe the clock would have been maintained under power outages by an onboard backup supply, as i see little point in an ability to set the time and date if this is not maintained at all internally, an SNTP ability would resolve this issue.

 

Regards

Darren

Asif_Choudhury
Schneider Alumni (Retired)
Schneider Alumni (Retired)
0 Likes
3
560

Re: Ethernet Gateway (Link150/ EGX150) HTTPS?

Hi @Darren_Pearce 

 

Apology for the late reply.

 

Can you kindly explain a little more the following section from your last response:

While i understand that if we enabled HTTPS access, we would use HTTPS in the browser to connect to the device ourselves, for any setting changes, it does sound by still leaving HTTP enabled and forwarding on the request internally to HTTPS, if a malicious party did carryout actions to create a man-in-the-middle attack, the gateway would be vulnarable to this action?

On SNTP and RTC, I agree with you. Unfortunately, as of now, the EGX150 has neither of the time-keeping technology implemented.

Regards,

Asif

Darren_Pearce
Lieutenant | EcoXpert Master Lieutenant | EcoXpert Master
Lieutenant | EcoXpert Master
0 Likes
2
557

Re: Ethernet Gateway (Link150/ EGX150) HTTPS?

Hi Asif,

 

From your original post;

 

'If the customer lacks a certificate from a trusted authority or use HTTP instead of HTTPS, the HTTPS connection must not be enabled inside the EGX150. Cause, this kind of non-ideal communication (EGX150 having HTTPS and the customer using HTTP), leaves Man-in-the-middle type vulnerability in the system.'

 

I have highlighted a selection of 'what if occurances'.

My customer when we set the system up wants to secure the system as much as possible, the EGX150 has the ability to use HTTPS, so i enable that function. But i can't disable HTTP.

 

It appears that because i can't disable HTTP there is a Man-in-the-middle type vulnerability?

 

If i could disable HTTP (Port 80) in the configuration, so the EGX150 does not forward a request internally, would that stop the vulnerability?

 

Regards

 

Darren

AndersDahlskog
Lieutenant JG Lieutenant JG
Lieutenant JG
0 Likes
0
552

Re: Ethernet Gateway (Link150/ EGX150) HTTPS?

Hi we get reports that with it is no longer possible to double click on the icon in Network explorer to open webbpage with the latest firmware. Instead you have to right click and then proporties to to click on the webbpage link there. Have observed the same with PM8000.

Has this anything to do with the above question/answer ?

 

BR/Anders

Asif_Choudhury
Schneider Alumni (Retired)
Schneider Alumni (Retired)
0 Likes
0
549

Re: Ethernet Gateway (Link150/ EGX150) HTTPS?

When HTTPS is enabled, EGX150 will stop communicating over HTTP and port 80 will not be used.