BACnet
What is BACnet?
A building-automation and HVAC protocol standardized as ASHRAE 135 / ISO 16484-5, widely deployed in HVAC, lighting, fire-alarm, and access-control systems in commercial buildings, historically with very weak authentication.
BACnet (Building Automation and Control networks) is the dominant communications protocol in commercial building automation. It is standardized as ANSI/ASHRAE 135 and ISO 16484-5 and underlies HVAC, lighting, fire-alarm, energy-management, and access-control systems in office buildings, hospitals, schools, data centers, and large industrial campuses. BACnet defines a layered protocol with multiple data-link options (BACnet/IP over UDP/47808, BACnet MS/TP over RS-485, BACnet/SC over TLS, plus older Ethernet, ARCNET, and LonTalk variants) and an object-oriented model of services and objects (Analog Input/Output, Binary Input/Output, Schedule, Trend Log, etc.). Legacy BACnet/IP has essentially no authentication: any host on the BACnet network can issue Write Property requests, broadcast Who-Is and I-Am, or inject device-control messages. The newer BACnet Secure Connect (BACnet/SC, 2020) runs BACnet over TLS-secured WebSockets and is the recommended path forward. Real-world incidents (including a 2017 ransomware attack on a Finnish heating control system and the 2024 Lviv FrostyGoop case, conceptually similar) routinely abuse weak BACnet posture. Defensive practices include strict VLAN isolation of building-automation networks from IT and OT-NDR coverage tuned for BACnet anomalies.
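An added example (not from the original page) of the kind of passive check an OT network monitor can run on BACnet/IP traffic: it walks the BVLC, NPDU and APDU headers of a UDP/47808 payload and flags state-changing requests from hosts outside an allowlist. The IP addresses, the allowlist and the sample payloads are constructed for illustration.

```python
import struct

# Service choices (ASHRAE 135) that change device state or enumerate the network.
CONFIRMED = {12: "ReadProperty", 15: "WriteProperty", 16: "WritePropertyMultiple",
             17: "DeviceCommunicationControl", 20: "ReinitializeDevice"}
UNCONFIRMED = {0: "I-Am", 8: "Who-Is"}
STATE_CHANGING = {"WriteProperty", "WritePropertyMultiple",
                  "DeviceCommunicationControl", "ReinitializeDevice"}

def parse_service(frame: bytes):
    """Return the BACnet service name carried in one BACnet/IP UDP payload, or None."""
    if len(frame) < 6 or frame[0] != 0x81:            # BVLC type 0x81 = BACnet/IP
        return None
    func, length = frame[1], struct.unpack(">H", frame[2:4])[0]
    if length != len(frame) or func not in (0x04, 0x0A, 0x0B):
        return None                                    # truncated, padded, or not an NPDU carrier
    i = 10 if func == 0x04 else 4                      # Forwarded-NPDU carries a 6-byte origin
    try:
        if frame[i] != 0x01:                           # NPDU protocol version
            return None
        ctrl = frame[i + 1]
        i += 2
        if ctrl & 0x20:                                # DNET(2) DLEN(1) DADR(DLEN)
            i += 3 + frame[i + 2]
        if ctrl & 0x08:                                # SNET(2) SLEN(1) SADR(SLEN)
            i += 3 + frame[i + 2]
        if ctrl & 0x20:                                # hop count follows when DNET is present
            i += 1
        if ctrl & 0x80:                                # network-layer message, no APDU
            return None
        pdu_type = frame[i] >> 4
        if pdu_type == 0:                              # confirmed request
            off = 5 if frame[i] & 0x08 else 3          # segmented adds seq no. + window size
            return CONFIRMED.get(frame[i + off], f"confirmed-{frame[i + off]}")
        if pdu_type == 1:                              # unconfirmed request
            return UNCONFIRMED.get(frame[i + 1], f"unconfirmed-{frame[i + 1]}")
    except IndexError:                                 # header fields run past the payload
        return None
    return None

def alerts(packets, allowed_writers):
    """Return (src_ip, service) for state-changing requests from hosts off the allowlist."""
    return [(src, svc) for src, payload in packets
            if (svc := parse_service(payload)) in STATE_CHANGING and src not in allowed_writers]

# Constructed sample payloads (not captured traffic): a Who-Is broadcast and a WriteProperty.
WHO_IS = bytes.fromhex("810b000c0120ffff00ff1008")
WRITE_PROP = bytes.fromhex("810a0018" "0104" "0005010f" "0c00800001" "1955" "3e44424800003f")
SAMPLE = [("10.20.0.5", WHO_IS), ("10.20.0.5", WRITE_PROP), ("10.20.0.77", WRITE_PROP)]
```

Calling `alerts(SAMPLE, {"10.20.0.5"})` reports only the write from `10.20.0.77`; in a deployment the allowlist would hold the building's supervisory workstations and controllers.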
● Examples
- 01
A pen-tester maps a building's BACnet network with `Who-Is` discovery and demonstrates an unauthenticated `WriteProperty` overriding a chiller setpoint.
- 02
A retrofit project migrates the building's BACnet/IP backbone to BACnet/SC over TLS, with mutual certificate authentication between controllers.
● FAQ
What is BACnet?
A building-automation and HVAC protocol standardized as ASHRAE 135 / ISO 16484-5, widely deployed in HVAC, lighting, fire-alarm, and access-control systems in commercial buildings, historically with very weak authentication. It falls under the OT / ICS / IoT category of cybersecurity.
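How do you defend BACnet?
Defenses for BACnet usually combine technical controls with operational practices; see the full definition above.
What other names does BACnet have?
Common alternative names include: ASHRAE 135, Building Automation Network.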
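● Related terms
- ot-iot№ 587
Industrial Control System (ICS)
A collective term for systems used to automate and monitor industrial processes, including SCADA, DCS, PLCs, RTUs, and safety controllers.
- ot-iot№ 854
Operational Technology (OT)
Hardware and software used to monitor and control physical processes, equipment, and infrastructure such as factories, power plants, and utilities.
- ot-iot№ 1083
SCADA
Supervisory control and data acquisition systems, which collect telemetry from remote field devices so that operators can monitor and operate large industrial processes.
- ot-iot№ 784
Modbus
A simple, openly specified industrial protocol for polling coils and registers on PLCs, RTUs, and field devices; it runs over serial (RTU/ASCII) or TCP.
- ot-iot№ 294
Cyber-Physical System (CPS)
Engineered systems that tightly couple sensors, actuators, and computation to monitor and control physical processes, with the digital and physical layers closely integrated.
- ot-iot№ 615
IoT Security
The security discipline covering IoT devices, gateways, networks, and cloud services. It must deal with challenges of scale, resource constraints, and long lifecycles.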