Blinkenlights for all: Cisco's building automation system vulnerable to manipulation
Cisco warns of several vulnerabilities in its Network Building Mediator (NBM), a system for interconnecting the technology in buildings with IP networks and web services. The NBM collects data such as the amount of electricity and gas used, the temperature, and other states of individual systems (for example via Modbus and BACnet) and normalises this data for further processing. The NBM can also send control data to a building's systems.
According to Cisco's advisory, the problems range from default passwords and privilege escalation to the exposure of other users' access credentials and sessions. This potentially allows attackers to gain control of the NBM and manipulate the intercepted data, or even control a building's air conditioning or lighting systems in Blinkenlights style.
Cisco obtained the technology for the Network Building Mediator when it acquired Richards-Zeta Building Intelligence in early 2009. As a result, both Cisco's Network Building Mediator NBM-2400 and NBM-4800 and the older Richards-Zeta Mediator 2500 are affected. According to Cisco, only devices using the Mediator Framework version 3.1.1 or earlier are vulnerable; later versions are not. Cisco has made an update available to registered customers.
The Network Building Mediator also plays a role in the Smart Grid, which is being developed in the US to reduce and better regulate customers' power consumption. Service provider NetApp, for instance, has integrated numerous NBMs in many of its branches as part of an energy-saving program initiated by the energy utility Pacific Gas and Electric Company.