beautypg.com

1 vulnerabilities, Figure 28: custom menu example – Campbell Scientific CR800 and CR850 Measurement and Control Systems User Manual

Page 71

background image

Section 5. System Overview

71

 

5.1.10.1 Vulnerabilities

While "security through obscurity" may have provided sufficient protection in the
past, Campbell Scientific dataloggers increasingly are deployed in sensitive
applications. Devising measures to counter malicious attacks, or innocent
tinkering, requires an understanding of where systems can be compromised and
how to counter the potential threat.

Note Older CR800 operating systems are more vulnerable to attack than recent
updates. Updates can be obtained free of charge at www.campbellsci.com.

The following bullet points outline vulnerabilities:

CR1000KD Keyboard Display

• Pressing and holding the "Del" key while powering up a CR800 will cause it

to abort loading a program and provide a 120 second window to begin
changing or disabling security codes in the settings editor (not Status table)
with the keyboard display.

• Keyboard display security bypass does not allow telecommunications access

without first correcting the security code.

Note These features are not operable in CR1000KDs with serial numbers

less than 1263. Contact Campbell Scientific for information on upgrading the
CR1000KD operating system.

LoggerNet:

• All datalogger functions and data are easily accessed via RS-232 and Ethernet

using Campbell Scientific datalogger support software.

• Cora command find-logger-security-code.

Telnet:

• Watch IP traffic in detail. IP traffic can reveal potentially sensitive

information such as FTP login usernames and passwords, and server
connection details including IP addresses and port numbers.

• Watch serial traffic with other dataloggers and devices A Modbus capable

power meter is an example.

• View data in the Public and Status tables.
• View the datalogger program, which may contain sensitive intellectual

property, security codes, usernames, passwords, connection information, and
detailed or revealing code comments.

FTP:

• Send and change datalogger programs.
• Send data that have been written to a file.

HTTP:

• Send datalogger programs.
• View table data.

See also other documents in the category Campbell Scientific Measuring instruments: