Sign In Help
Schneider Electric
HelpSign In
Schneider Electric Exchange
  • Home
  • Collaborate
  • Develop
  • Shop
Home Collaborate Develop Shop Log in or Register Help

Invite a Co-worker

Send a co-worker an invite to the Exchange portal.Just enter their email address and we’ll connect them to register. After joining, they will belong to the same company.
You have entered an invalid email address. Please re-enter the email address.
This co-worker has already been invited to the Exchange portal. Please invite another co-worker.
Please enter email address
Send Invite Cancel

Invitation Sent

Your invitation was sent.Thanks for sharing Exchange with your co-worker.
Send New Invite Close
  • Home
  • Collaborate
  • Exchange Community
  • :
  • EcoStruxure IT
  • :
  • EcoStruxure IT forum
  • :
  • Re: SNMP vulnerability in disaster recovery node
Community Menu
  • Forums
    • By Topic
        • EcoStruxure IT
          • EcoStruxure IT forum
        • Industrial Automation
          • Industry Automation and Control Forum
          • Alliance System Integrators Forum
          • Machine Solutions in the Digital Transformation
          • EcoStruxure Automation Expert / IEC 61499 Forum
          • Industrial Edge Computing Forum
          • Level and Pressure Instrumentation Forum
          • Modicon User Group
          • PLC Club Indonesia
          • SEE Automation Club Forum
          • Fabrika ve Makina Otomasyonu Çözümleri
          • Форум по промышленной автоматизации СНГ
        • SCADA & Telemetry Solutions
          • Geo SCADA Expert Forum
          • SCADA and Telemetry Devices Forum
        • Power Distribution IEC
          • Power Distribution and Digital
          • Power Standards & Regulations
          • Paneelbouw & Energie Distributie
        • Power Distribution Softwares
          • EcoStruxure Power Design Forum
          • SEE Electrical Building+ Forum
          • LayoutFAST User Group Forum
        • Solutions for your Business
          • Solutions for Food & Beverage Forum
          • Solutions for Healthcare Forum
    • By Segment
        • Food & Beverage
          • Solutions for Food & Beverage Forum
        • Healthcare
          • Solutions for Healthcare Forum
      • EcoStruxure IT
        • EcoStruxure IT forum
      • Industrial Automation
        • Industry Automation and Control Forum
        • Alliance System Integrators Forum
        • Machine Solutions in the Digital Transformation
        • EcoStruxure Automation Expert / IEC 61499 Forum
        • Industrial Edge Computing Forum
        • Level and Pressure Instrumentation Forum
        • Modicon User Group
        • PLC Club Indonesia
        • SEE Automation Club Forum
        • Fabrika ve Makina Otomasyonu Çözümleri
        • Форум по промышленной автоматизации СНГ
      • SCADA & Telemetry Solutions
        • Geo SCADA Expert Forum
        • SCADA and Telemetry Devices Forum
      • Power Distribution IEC
        • Power Distribution and Digital
        • Power Standards & Regulations
        • Paneelbouw & Energie Distributie
      • Power Distribution Softwares
        • EcoStruxure Power Design Forum
        • SEE Electrical Building+ Forum
        • LayoutFAST User Group Forum
      • Solutions for your Business
        • Solutions for Food & Beverage Forum
        • Solutions for Healthcare Forum
      • Food & Beverage
        • Solutions for Food & Beverage Forum
      • Healthcare
        • Solutions for Healthcare Forum
  • Blogs
    • By Topic
        • Industrial Automation
          • Industrial Edge Computing Blog
          • Industry 4.0 Blog
          • Industrie du Futur France
        • SCADA & Telemetry Solutions
          • SCADA and Telemetry Blog
        • Power Distribution IEC
          • Power Events & Webinars
          • Power Foundations Blog
        • Power Distribution NEMA
          • NEMA Power Foundations Blog
        • Power Distribution Softwares
          • EcoStruxure Power Design Blog
          • SEE Electrical Building+ Blog
        • Solutions for your Business
          • Solutions for Food & Beverage Blog
          • Solutions for Healthcare Blog
          • Solutions for Retail Blog
        • Community experts & publishers
          • Publishers Community
    • By Segment
        • Food & Beverage
          • Solutions for Food & Beverage Blog
        • Healthcare
          • Solutions for Healthcare Blog
        • Retail
          • Solutions for Retail Blog
      • Industrial Automation
        • Industrial Edge Computing Blog
        • Industry 4.0 Blog
        • Industrie du Futur France
      • SCADA & Telemetry Solutions
        • SCADA and Telemetry Blog
      • Power Distribution IEC
        • Power Events & Webinars
        • Power Foundations Blog
      • Power Distribution NEMA
        • NEMA Power Foundations Blog
      • Power Distribution Softwares
        • EcoStruxure Power Design Blog
        • SEE Electrical Building+ Blog
      • Solutions for your Business
        • Solutions for Food & Beverage Blog
        • Solutions for Healthcare Blog
        • Solutions for Retail Blog
      • Community experts & publishers
        • Publishers Community
      • Food & Beverage
        • Solutions for Food & Beverage Blog
      • Healthcare
        • Solutions for Healthcare Blog
      • Retail
        • Solutions for Retail Blog
  • Ideas
        • Industrial Automation
          • Modicon Ideas & new features
        • SCADA & Telemetry Solutions
          • Geo SCADA Expert Ideas
          • SCADA and Telemetry Devices Ideas
  • Knowledge Center
    • Building Automation Knowledge Base
    • Industrial Automation How-to videos
    • Ask Exchange
    • Digital E-books
    • Success Stories Corner
    • Power Talks
  • Events & Webinars
  • Support
    • User Guide
    • Leaderboard
    • Releases Notes
How can we help?
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
49425members
Join Now
242732posts
Join Now

SNMP vulnerability in disaster recovery node

Options
  • Subscribe to RSS Feed
  • Mark Topic as New
  • Mark Topic as Read
  • Float this Topic for Current User
  • Bookmark
  • Subscribe
  • Mute
  • Printer Friendly Page
Back to EcoStruxure IT forum
DCIM_Support
Picard DCIM_Support
Picard
‎2020-07-05 07:48 PM
0 Likes
7
100
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2020-07-05 07:48 PM

SNMP vulnerability in disaster recovery node

This question was originally posted on DCIM Support by Michael on 2019-06-04


There have been a lot of discussions here about the default SNMPv1 community string but didn't find anything related to DCO Disaster recovery node (High Availability). The problem is that our security scanners are reporting a vulnerability since the DR seems to be using the default "public" even though we have disabled the SNMPv1 and in addition changed it from "public" to something else.

It seems that these configurations are not taken into use if the DR is not promoted to master? Scans were fine when the DR was the master but once dropped to being a DR, the same vulnerability was found.

(CID:144313595)

Labels
  • Data Center Operation
Share
  • All forum topics
  • Previous Topic
  • Next Topic
7 Replies 7
DCIM_Support
Picard DCIM_Support
Picard
‎2020-07-05 07:48 PM
0 Likes
5
100
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2020-07-05 07:48 PM

Re: SNMP vulnerability in disaster recovery node

This answer was originally posted on DCIM Support by Jef Faridi on 2019-06-04


Hi Michael,

SNMP v1 can be disabled both on the master node and the DR node, if haven't tried it yet, please go to server (both master and DR) webmin interface,  StruxureWare DC Operation > Setup , un-check the v1 option for "Enable SNMP server", and then push the Setup button:

And then check your vulnerability scans to See if that helps, otherwise it would be great if I could have details about your scanning tool and its DCO related reports, thanks.

Kind regards

(CID:144313614)

Share
DCIM_Support
Picard DCIM_Support
Picard
‎2020-07-05 07:48 PM
0 Likes
0
100
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2020-07-05 07:48 PM

Re: SNMP vulnerability in disaster recovery node

This comment was originally posted on DCIM Support by Michael on 2019-06-04


Hi Jef!

The SNMPv1 is disabled on both servers. Before disabling, we also changed the community from "public" to something else. Master node passes the scans with no problems, so does the DR if it's promoted to master. But when it is in "standby" as a DR, the scans report: "Default or Guessable SNMP community names: public". So it seems it uses some default values when working as a DR. I'll ask some more information from our IT Security.

(CID:144313625)

Share
DCIM_Support
Picard DCIM_Support
Picard
‎2020-07-05 07:48 PM
0 Likes
0
100
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2020-07-05 07:48 PM

Re: SNMP vulnerability in disaster recovery node

This comment was originally posted on DCIM Support by Jef Faridi on 2019-06-04


Hi Michael,

Thanks for the info - I will send you an invite to my =S= box shortly so the data safely can be shared with me, thanks.

Kind regards

(CID:144313664)

Share
DCIM_Support
Picard DCIM_Support
Picard
‎2020-07-05 07:48 PM
0 Likes
0
100
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2020-07-05 07:48 PM

Re: SNMP vulnerability in disaster recovery node

This comment was originally posted on DCIM Support by Jef Faridi on 2019-06-04


Hi Michael,

What is the version of your DCO servers?

Kind regards

(CID:144313851)

Share
DCIM_Support
Picard DCIM_Support
Picard
‎2020-07-05 07:48 PM
0 Likes
0
100
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2020-07-05 07:48 PM

Re: SNMP vulnerability in disaster recovery node

This comment was originally posted on DCIM Support by Michael on 2019-06-04


Currently on 8.2.2.

(CID:144313859)

Share
DCIM_Support
Picard DCIM_Support
Picard
‎2020-07-05 07:48 PM
0 Likes
0
100
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2020-07-05 07:48 PM

Re: SNMP vulnerability in disaster recovery node

This comment was originally posted on DCIM Support by Jef Faridi on 2019-06-11


Hi Michael,

I have had a setup (DCO+DR node) using the latest release version (DCO 8.3) that were running the last few days. This setup were included in our daily security scanning without any SNMP security notifications.

In general, it is recommended to update the product (DCO) to latest release version, which should also contain OS related updates.

Kind regards

(CID:144868637)

Share
DCIM_Support
Picard DCIM_Support
Picard
‎2020-07-05 07:49 PM
0 Likes
0
100
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2020-07-05 07:49 PM

🔒 Closed

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.

Share
Top Experts
User Count
APC_Steve
Lt. Commander APC_Steve Lt. Commander
2
GavanOB
Lieutenant GavanOB Lieutenant
1
lasalle_1
Crewman lasalle_1
1
Jef
Commander Jef Commander
1
tjlaw
Lieutenant JG tjlaw Lieutenant JG
1
See More Top Experts
Find a Service Provider
Find a certified partner to help you address your integration, installation, maintenance and project needs.
View all Providers
Support

Have a question? Please contact us with details, and we will respond.

Contact Us
FAQ

Look through existing questions to find popular answers.

Learn More
About

Want to know more about Exchange and its possibilities?

Learn More

Full access is just steps away!

Join Exchange for FREE and get unlimited access to our global community of experts.

Connect with Peers & Experts

Discuss challenges in energy and automation with 30,000+ experts and peers.

Get Support in Our Knowledge Base

Find answers in 10,000+ support articles to help solve your product and business challenges.

Ask Questions. Give Solutions

Find peer based solutions to your questions. Provide answers for fellow community members!

Register today for FREE

Register Now

Already have an account?Log in

About Us FAQ Terms & Conditions Privacy Notice Change your cookie settings
©2020, Schneider Electric