Emerson Network Power Devices (now Vertivco) Multiple Default Passwords

November 20, 2017

Emerson Network Power devices, now owned by Vertivco, have many devices with default credentials!

http://www.emersonnetworkpower.com/documentation/en-US/trellis/Documents/User-Guides/Trellis-Power-Insight-User-Guide_EN-NA_5901291501B.pdf
Database admin Administrator of the database: mtpadmin
Database admin password: admin
Database user: mtpuser
Database user password: passw0rd

Web Interface:
When the login page loads, enter Passw0rd123 in the Password field

http://www.emersonnetworkpower.com/documentation/en-US/Support/Technical-Support/InfrastructureManagement/ProductDownloadsandSoftware/Documents/MGP53XX%20Installer-User%20Guide.pdf
MergePoint SP5324/SP5340 appliance:
a. Log into the console port as root with the default password avocent.

MergePoint SP5300 Web Interface:
Type admin as the username and type admin as the password

Managing MergePoint SP manager user accounts
The default user account username and password are both admin.

Managing Default Users (Admin users only)
(there are a lot of them!!)

http://www.emersonnetworkpower.com/documentation/en-US/Brands/Avocent/Documents/Manuals/01/590821501J.pdf
By default, two passwords are required to access the HMX user station via the transmitter. One password controls access to the user station, the other password controls access to
the transmitter. In both cases, the default password is password.

http://www.emersonnetworkpower.com/documentation/en-US/Products/PowerSwitchingandControls/MonitoringandControl/Documents/ASCO%205310/ASCO%205310%20Installation%20Manual.pdf
Web Interface:
The ATS Remote Annunciator login page should appear.
Enter the default Login ( admin ) and Password ( ASCO ) from the label (see page 2) and click Login.

http://www.emersonnetworkpower.com/documentation/en-US/Brands/Avocent/Documents/Manuals/01/590667501E.pdf
http://www.emersonnetworkpower.com/documentation/en-US/Support/Technical-Support/InfrastructureManagement/ProductDownloadsandSoftware/Documents/590667501d.pdf
Serial Console:
When prompted, enter the username admin with the default password pm8.

http://www.emersonnetworkpower.com/documentation/en-US/Brands/Avocent/Documents/Manuals/01/590721501A.pdf
http://www.emersonnetworkpower.com/documentation/en-US/Brands/Avocent/Documents/Manuals/01/590836501E.pdf
Serial console
One password controls access to the user station, the other password controls access to the transmitter. In both cases, the default password is password.

NetSure -48V DC Power System
http://www.emersonnetworkpower.com/documentation/en-US/Products/DCPower/ensys_ACDCPowerSystems/MediumDCSystems/Documents/IM582127000.pdf
NetSure 4015 30kW 400V DC Power System
http://www.emersonnetworkpower.com/documentation/en-US/Brands/Netsure/Documents/NetSure-4015-IM584000300.pdf
To Enter a Password:
If a password screen opens, a password must be entered to allow the User to make adjustments. To enter a password, with the cursor at the User Name field (default is “Admin”), press the down arrow key to move cursor down to the password line. Press ENT. “0” is highlighted. Press the up arrow key once to change the “0” to ”1” (default password is “1”), then press ENT twice. (Note: If you have been assigned a unique User Name and password, follow this procedure to enter these.)

NetSure -48 VDC Power System
http://www.emersonnetworkpower.com/documentation/en-US/Products/DCPower/ensys_ACDCPowerSystems/Documents/NetSure-211-IM582136600.pdf
If a password screen opens, a password must be entered to allow the User to make adjustments. To enter a password, use the UP and DOWN keys to move the cursor to the Enter Password field. Press ENT. Use the UP and DOWN keys to choose a character. Press ENT to accept and move to the next character. Continue this process until all characters are entered. Press ENT again to accept the password. The default password is 640275.

http://www.emersonnetworkpower.com/documentation/en-US/Products/Monitoring/Documents/SL-52615.pdf
Control and configuration capabilities are protected by a username and password combination.
Optionally, status information can be password-protected. The default username is “Liebert” and the default password is also “Liebert.”

General User
Username User Viewing privileges only—no access to configuration or control functions
Password User

LIEBERT FDC
http://www.emersonnetworkpower.com/en-ASIA/Products/ACPower/PowerDistribution/PowerDistribution/Documents/Liebert%20FDC%20-%20Installation%20Manual.pdf
A password is required for the first parameter configured during an editing session. After entering a valid password, you can configure multiple parameters. The default password is 0 (zero).

http://www.emersonnetworkpower.com/documentation/en-US/Products/ACPower/PowerDistribution/Documents/SmartSwitch_-_50Hz_-_Installation_Manual.pdf
A password is required to change unit settings. The default password is “Liebert.”

AXP 1410
http://www.emersonnetworkpower.com/documentation/en-US/Products/DCPower/ensys_ACDCPowerSystems/Documents/6806800h70d_axp_1410_iu.pdf
user name: root
password: root

Avocent OnSite Appliance
http://www.emersonnetworkpower.com/documentation/en-US/Support/Technical-Support/InfrastructureManagement/ProductDownloadsandSoftware/Documents/590744501A.pdf
When the OnSite is turned on, the appliance will display the login screen for the on-screen display. Enter admin as the login name, then enter the default password cyclades to display the main menu.

http://www.emersonnetworkpower.com/documentation/en-US/Brands/Avocent/Products/Monitoring-Control/Documents/590222616M.pdf
When you first access the switch, you will be prompted through the Terminal window to enter a username.
a. Enter the username admin. By default, a password is not required.

To install the AMWorks software for the first time:
Run the AMWorks software. You will be prompted to type a password. The default password is password. To change the password, refer to the AMWorks software online help program.

http://www.emersonnetworkpower.com/documentation/en-US/Support/Technical-Support/InfrastructureManagement/ProductDownloadsandSoftware/Documents/590989501A.pdf
MergePoint SP5x24/SP5x40 manager:
a. Log into the console port as root with the default password Sydney.

Advertisements

eWON Devices Multiple Default Credentials

November 13, 2017

While researching the eWON devices I found their manuals had plenty of default credentials!

eWON 4000
http://ewon.biz/sites/default/files/ewon4000gsuk30.pdf
Username: adm
Password: adm

eWON 2001, 2005, 2101, 4101
http://ewon.biz/sites/default/files/ewon2001_in_2_0_7_uk.pdf
http://ewon.biz/sites/default/files/ewon4101_in_1_0_3_uk.pdf
http://ewon.biz/sites/default/files/ewon2101_in_1_0_3_uk.pdf
http://ewon.biz/sites/default/files/ewon2005_in_1_0_3_uk.pdf
User Name:
Password:

eWON 500-2001-4001-4002
http://ewon.biz/sites/default/files/ewon_rg_4_3_4_uk.pdf
Login adm
Password adm

eWON 500
http://ewon.biz/sites/default/files/ewon500_ug_confgate_1_0_uk.pdf
and adm/adm as User Name/Password.

eWON eBuddy
http://ewon.biz/sites/default/files/ebuddy_ug_1_1_uk_0.pdf
(default: adm/adm)

eWON Flexy
http://ewon.biz/sites/default/files/quick_start_guide_flexy.pdf
Username: adm
Password: adm

eWON COSY 131
http://ewon.biz/sites/default/files/quick_start_guide_cosy_131.pdf
The default username & password are both “adm”

eWON eFive 25 & 100
http://ewon.biz/sites/default/files/efive_quick_start_guide.pdf
At first login enter admin as the username and admin as the password.

Alcatel-Lucent OmniSwitch 6250 Switch sys_filesystem_info_si.html Multiple Parameter Stored XSS

March 1, 2016

The Alcatel-Lucent OmniSwitch 6250 Switch has a cross-site scripting (XSS) vulnerability in the /sys/content/sys_filesystem_info_si.html page (CVE-2016-78002). An authenticated user with permission to update the fields can inject arbitrary JavaScript into three fields that will be stored and displayed on /phys/content/phys_chs_info_stable.html when viewed. The fields/parameters are Contact (EmWeb_ns:mip:208.T1:O1 parameter), Name (EmWeb_ns:mip:209.T1:O2 parameter), Location (EmWeb_ns:mip:210.T1:O3 parameter) which are updated by a POST request.

The payload looks like:

EmWeb_ns%3Amip%3A208.T1%3AO1=Alcatel-Lucent+%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28%27df-location%27%29%3C%2Fscript%3E&EmWeb_ns%3Amip%3A209.T1%3AO2=vxTarget%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28%27df-name%27%29%3C%2Fscript%3E&EmWeb_ns%3Amip%3A210.T1%3AO3=vxTarget%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28%27df-location%27%29%3C%2Fscript%3E&EmWeb_ns%3Amip%3A211=Apply

Alcatel-Lucent OmniSwitch 6250 Switch Default Admin Credentials

February 28, 2016

Alcatel-Lucent OmniSwitch 6250 Switch can be managed via telnet console or HTTP via a utility they call WebView. The switch creates a default admin account for management according to the manual.

Startup Defaults
By default, a single user management account is available at the first bootup of the switch. This account
has the following user name and password:
• user name—admin
• password—switch

omniswitch-6250

NOVUS SuperView New Application Default Admin Account

February 3, 2016

NOVUS Automation makes software called SuperView that “is a Supervisory Control and Data Acquisition software (SCADA) that brings to the user a visual development model to create applications. Besides communication with Modbus RTU and Modbus TCP devices, also is posible to use SuperView stations operating in Client or Server modes allowing distributed supervision of a process or system.” When creating a new application in the software a default admin account is also created:

novus-superview

NOVUS AirGate-3G Dual SIM Industrial Cellular VPN Router Default Admin Credentials

February 2, 2016

NOVUS Automation makes a variety of products for ICS and SCADA management. The NOVUS AirGate-3G Dual SIM Industrial Cellular VPN Router installs with a default admin account according to the manual:

novus-airgate

LOYTEC Electronics Multiple Devices Web Interface Default Admin Credentials

February 1, 2016

LOYTEC electronics GmbH has a manuals download section on their site (requires authentication) showing the following devices have a default admin account:

  • L-DALI DALI Light Controller
  • L-INX Automation Server
  • L-GATE Universal Gateway
  • L-IP CEA-709/IP Router
  • L-VIS
  • LIOB-10x I/O Module
  • LIOB-x5x I/O Module
  • LIP-ME20X L-IP BACnet Router
  • LWEB-802
  • LWEB-803
  • LWEB-900 Building Management System

loytec

The L-Proxy CEA-709 Gateway has a different default:

loytec2

BEC Technologies Multiple Devices Web Interface Default Admin Credentials

January 29, 2016

Basically every BEC Technologies device uses a web interface for device management and each one has the same default admin credentials:

Web Interface: (Username and Password)
Username: admin
Password: admin

The BiPAC 7800NL 802.11n ADSL2+ Firewall Router ships with multiple accounts:

Administrator
Username: admin
Password: admin
Local
Username: user
Password: user
Remote
Username: support
Password: support

Falcon USHA UPS SNMP HTTP Agent Default Admin Credentials

January 28, 2016

Falcon UPS devices use a SNMP HTTP agent for remote administration. According to the manual it comes with default admin credentials.

Click the Become Administrator button at the bottom of the screen. Enter USHA as the login name and admin as the password. (Case sensitive)

usha-config

TerraMaster Storage Devices Web Interface Default Admin Credentials

January 27, 2016

TerraMaster storage devices come with default admin credentials according to the online installation guide. These include the WORM-Storage, F4-NAS, F2-NAS 2 and F2-C2O.

terramaster-default1

terramaster-default2