Issue
Any third party BACnet client can initiate an EBO backup.
Product Line
EcoStruxure Building Operation
Environment
- Building Operation Enterprise Server
- Building Operation Automation Server
Cause
As of EBO 2023 (5.0.2.109), EBO's BACnet backup operation requires no password which means any BACnet client with the EBO server BACnet interface's device ID can initiate an EBO backup without any restrictions.
Any such backup can be identified by looking at the backup description in EBO, the backup will explicitly indicate that it was generated by third party BACnet Workstation.
Resolution
Starting with EBO R4.0.4 CP2 (when available) and EBO 2023 CP1 (when available), a new rule can be added to the BACnet service_blacklist to disable BACnet backup service.
See https://community.se.com/t5/Building-Automation-Knowledge/BACnet-RULES-implementation-to-disable-fea... for details on how to create service_black list.
Use the following syntax to create a rule that restricts BACnet back up initiated by 3rd party BACnet client on the EBO server.
<blacklist>
<global>
<restrict-backup-service/>
</global>
</blacklist>
Any BACnet client requesting backup from EBO server configured with the above rule will be presented with error similar to screenshot below.