Beruflich Dokumente
Kultur Dokumente
Product
Controller
Software
VxWorks OS
3.5.0+
Issue
As of Ovation 3.5.0, the capability to telnet into controllers has been removed for security
design considerations. Those capabilities that require remote shell access to the controllers
are still available to Emerson engineers via SSH connection and authentication via Remote
Authentication Dial In User Service (RADIUS), but first require additional configuration of
Network Policy and Access Services on the "primary" Domain Controller.
Mon
25
4
11
18
25
1
Tue
26
5
12
19
26
2
March, 2013
Wed Thu Fri
27 28 1
6
7
8
13 14 15
20 21 22
27 28 29
3
4
5
Initial Date
Sat Sun
2
3
9 10
16 17
23 24
30 31
6
7
Mon
31
7
14
21
28
5
September,
Tue Wed Thu
1
2
3
8
9 10
15 16 17
22 23 24
29 30 1
6
7
8
2015
Fri Sat Sun
4
5
6
11 12 13
18 19 20
25 26 27
2
3
4
9 10 11
Last Updated
Local (unauthenticated) console access to the controllers is still available via RJ-45 port
(OCR400) and micro USB port (OCR1100). The pin-out detail of the DG-9/RJ-45 connector
for OCR400s is the subject of Knowledge Base Article #135.
Workaround
N/A
Solution
These RADIUS capabilities can be configured per the instructions available in the Managing
Security for Ovation 3.x (OW3xx_40) user documentation for Ovation 3.5.0 and newer.
The Shared Secret that is required to partially facilitate this authentication for Ovation
controllers is presently hard-coded into the Ovation 3.5.0 software. It is mentioned in the
user documentation, but intentionally omitted for security considerations. This Shared
Secret is being made available in this article for the specific purpose of allowing Emerson
personnel to configure these remote access capabilities.
Reasonable attempts should be made to withhold the Shared Secret from non-Emerson personnel
and to have the RADIUS configuration implemented directly by Emerson personnel. Efforts should
be taken to avoid sharing this information externally, when and where possible. However, when
directly requested by a customer, the Ovation-CERT team has agreed that is acceptable to reveal
this information.
Controller Error : Subsystem Error : Controller Shell : 0x1 : 0x0 : 0x0 : 0x0
Corresponding to:
Fault Code: 66
Fault ID: A
Fault Parameter 1: 6
Fault parameter 2: 1
This information does not appear to have been added to the Fault Information Tool as of
the initial date of this article, though an SDR on this subject has been entered.
Also, please be aware that all commands entered via the SSH connection are captured and
logged via syslog, and will thus appear in the Ovation Error Log and/or SIEM appliance, if
so configured.
Entered By
Tarek El Mohamad
FEA?/FEA Number
SDR?/SDR Number
REA?/REA Number
IUI?/IUI Number
Notif?/Notif Number
CAR?/CAR Number
Patch Available?
yes
yes
no
no
no
no
396
19501
0
0
0
0
no
Link #1
Link #2
Link #3
Link #4
Link #5
Live Article URL
Page 2 of 2
http://uspit-web12.emrsn.org/kb.a5w?kb_filter=id=1066