Cause:
With the introduction of new California State legislation (SB-327), which comes into effect from January 1st, 2020, any manufacturer of a device that connects “directly or indirectly” to the internet must equip it with “reasonable” security features, designed to prevent unauthorized access, modification, or information dis-closure. APC by Schneider Electric (APC) network-enabled devices firmware is updating in compliance with this legislation. Please note that the NetBotz can still get a DHCP address but without first logging in serially, you can not add it to StruxureWare DCE or log in through the web.
Resolution:
The following are the overview of changes which will come into effect with this new Botzware 4.7.0 version. Please note that this applies on a newly deployed or newly reset to default appliance. These changes are not going to affect a unit that is currently configured and is simply being upgraded to 4.7
WEB access will be OFF by default. It will be required to login via the USB console (serial session) using root/apc and define a new password.
You will then be able to login via a web browser via HTTPS (https://Netbotz_IP) using the apc username and the new password you defined.
NOTE: The serial config utility no longer works with v4.7 and higher. This is due to the fact that it can not process the new password requirement.
The new password update will look similar to the below listing:
Warning: system login through this interface without direction