We (WEMS) offer the world's first fully wireless energy management system. Our solution enables your organization to take control of its energy costs, by monitoring lighting, heating and air conditioning equipment to identify wastage across multiple sites and start saving money instantly. Additionally, we offer a service which enables you to personally control the settings of your building - remotely, via text messaging and the internet - from wherever you happen to be in the world.
The wireless BMS solution has an undocumented backdoor account that is Base64-encoded. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the controller thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The check_users.sh Bash script is used to generate the default accounts on the system with their passwords and privilege level. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level 3 when using the addhttpuser program which allows full availability of the features that the WEMS is offering remotely. WEMS also ships with hard-coded and weak credentials for Telnet/FTP access using the credentials gast:glasshou or root:glasshou.