
Publicly Exposed Control System BBMD – No Login Required!

Free tools, readily available to anyone, can not only scan BACnet networks but also let the user change individual control points, set schedules, review logs, view and acknowledge alarms, and turn your BACnet devices into “bricks”.

[Image: pointslistwithcallouts1]

What Can The Tool Do?

The first thing I found was the ease of use of this program. In order to scan the network, all I needed was one BBMD. First, use an IoT search engine to find a publicly exposed BBMD (there are literally thousands of exposed BBMDs worldwide). The image below shows the results of taking one of these IPs and entering it into the tool. As you can see, starting from the one found using the IoT search engine, the scan revealed even more IPs that are not listed on the IoT search engine. In addition to finding other BACnet IP devices, it discovered MS/TP (serial communicating) BACnet devices as well. There can be hundreds of devices attached to the system and thousands of points underneath the devices that can be controlled with this tool.

[Image: pointslistwithcalloutslefttop]

All the devices and points can be accessed without using a user/password.

Clicking on a device in the top left window (image below) displays the device’s associated points in the bottom left window. These points can be dragged into the middle window, where their value and status are displayed along with device ID, object ID, name, and update time.

Clicking on a point in the bottom left window will display its properties in the window on the far right.

[Image: devicessubscribedpointslist1blurred]

You have full control of the properties and can write to them.

The point property window allows for editing of the point parameters. In the image below the call-outs show what is editable (in black) and parameters that could take the point offline (in red). Depending on the point type, command and control of these points/devices could lock operators out, change VFD speeds to an unsafe level, modify setpoints, etc.

[Image: pointsproperties]

There are many more things that this program can do; below are a couple of examples.

Edit Notification Settings

[Image: notificationeditor]

Acknowledge Alarms

[Image: alarms]

Edit Schedules

[Image: scheduleblurred]

View Trend Logs

[Image: trendlogblurred]
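For defenders, the activity described above (BBMD enumeration, device discovery and unauthenticated point writes) is visible in BACnet/IP traffic on UDP 47808. The following is an added detection example, not part of the original post or of any tool it mentions: it classifies BVLC and APDU operations and flags those arriving from outside the site. The site range, the function names `operation` and `external_operations`, and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
SITE_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # assumption: the site's own ranges
# BVLC functions that enumerate or reconfigure a BBMD (BACnet/IP, Annex J).
BBMD_MGMT = {0x01: "Write-BDT", 0x02: "Read-BDT", 0x05: "Register-Foreign-Device",
             0x06: "Read-FDT", 0x08: "Delete-FDT-Entry"}
NPDU_AT = {0x04: 10, 0x09: 4, 0x0A: 4, 0x0B: 4}  # BVLC function -> NPDU offset
CONFIRMED = {12: "ReadProperty", 15: "WriteProperty", 16: "WritePropertyMultiple",
             17: "DeviceCommunicationControl", 20: "ReinitializeDevice"}

def operation(payload):
    """Name the BVLC or APDU operation in one BACnet/IP UDP payload, else None."""
    if len(payload) < 4 or payload[0] != 0x81:
        return None
    func = payload[1]
    if func in BBMD_MGMT:
        return BBMD_MGMT[func]
    if func not in NPDU_AT:
        return None
    try:
        i = NPDU_AT[func]
        control, i = payload[i + 1], i + 2
        if control & 0x20:            # DNET(2) DLEN(1) DADR(DLEN)
            i += 3 + payload[i + 2]
        if control & 0x08:            # SNET(2) SLEN(1) SADR(SLEN)
            i += 3 + payload[i + 2]
        if control & 0x20:            # hop count is present only with DNET
            i += 1
        if control & 0x80:            # network-layer message, carries no APDU
            return None
        if payload[i] >> 4 == 0:      # Confirmed-Request; 2 extra bytes if segmented
            return CONFIRMED.get(payload[i + 3 + (2 if payload[i] & 0x08 else 0)])
        if payload[i] >> 4 == 1:      # Unconfirmed-Request; service choice 8 is Who-Is
            return "Who-Is" if payload[i + 1] == 8 else None
    except IndexError:                # truncated packet
        return None

def external_operations(packets):
    """packets: (source IP, UDP payload) pairs. Returns flagged (source IP, operation)."""
    return [(src, operation(p)) for src, p in packets if operation(p)
            and not any(ipaddress.ip_address(src) in net for net in SITE_NETS)]

# Constructed sample traffic (documentation addresses, not real captures).
WRITE = bytes.fromhex("810a001a01040005010f0c0040000119553e4442c800003f4908")
SAMPLE = [("203.0.113.7", bytes.fromhex("81050006003c")),              # Register-Foreign-Device
          ("203.0.113.7", bytes.fromhex("8109000c0120ffff00ff1008")),  # Who-Is via the BBMD
          ("203.0.113.7", WRITE),                                      # WriteProperty
          ("10.20.1.5", WRITE)]                                        # same write, on-site
if __name__ == "__main__":
    print(external_operations(SAMPLE))
```

Any hit from this check means UDP 47808 is reachable from outside the building network, which is the exposure the post describes.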

The post Publicly Exposed Control System BBMD – No Login Required! appeared first on ControlTrends.
