Echelon i.LON Defaults

Vendor: Echelon Corporation

Many of their products come with a default login and password. From one of the manuals:

If a login dialog appears, enter ilon for both the User Name and the Password and then click OK.

I confirmed this works for the following products:

i.LON 600 LonWorks/IP Server
i.LON 100e4 Internet Server
i.LON SmartServer 2.0
i.LON SmartServer – Echelon Building Energy Management Solution

Not sure but that last one sounds like it is SCADA. Since ICS-CERT took the disclosure case and did not dismiss it, I guess it is considered SCADA.

Discovered: 2013-04-07
Reported to ICS-CERT: 2013-04-10
ICS-CERT ICS-VU-138910 Assigned: 2013-04-10
ICS-CERT closes issue, vendor says password is changeable: 2013-0-10

Followup – I understand a password is changeable, but the fact is the people using these systems aren’t doing it! Vendors need to make the install process force a password change, so that a default password is NOT possible!


Tags: ,

2 Responses to “Echelon i.LON Defaults”

  1. Duke Says:

    Hey, Do you happen to have the source of their release, page that is.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: