ThingsBoard
成立一年
2016年馬賽克的分數
馬賽克評分是一種算法,私營企業的整體財務狀況和市場潛力。
+ 10分在過去的30天
缺失:ThingsBoard的產品演示和案例研究
促進你的產品提供技術買家。
達到1000年代的買家使用CB的見解來確定供應商,演示產品,188bet游戏做出購買決定。
缺失:ThingsBoard的產品&微分器
不要讓你的產品被跳過。買家使用我們的供應商排名名單公司和驅動(rfp)請求建議。
最新的ThingsBoard新聞
2023年4月7日
管理員無法更新補丁ThingsBoard版本可以手動更改默認簽名密鑰。ThingsBoard的開發者,一個開源平台管理物聯網設備用於各種行業,有固定的漏洞可能允許攻擊者升級他們的權限管理權限的服務器和發送請求。脆弱性,追蹤cve - 2023 - 26462,由來自IBM的研究人員發現並私下報道安全X-Force。它源於平台使用一個靜態密鑰簽署JSON Web標記(jwt)發給客戶。知識的鑰匙,可以很容易地獲得,攻擊者可以建立有效的請求,允許他們識別係統更高的特權用戶。“因為ThingsBoard允許默認鍵不需要使用管理員改變它,因為默認關鍵也暴露出配置文件公開,門是打開的部分,攻擊者獲得未授權訪問的目的是什麼,“X-Force研究者在他們的報告中稱。缺陷是固定在ThingsBoard版本3.4.2通過生成一個隨機的關鍵每個新安裝或升級到3.4.2或更高版本。如果管理員不能立即升級,他們可以手動改變默認的簽名密鑰對舊版本的配置文件或通過管理儀表板。不安全的實現JSON Web標記JSON Web無狀態的身份驗證令牌是一個互聯網標準被廣泛采用在移動和Web應用程序中,尤其是在場景交互認證是不切實際的,如機器對機器或service - to - service溝通。無狀態的驗證不依賴於用戶名和密碼被估算和用戶的會話的狀態被存儲在服務器上。 Instead it relies on tokens or tickets that contain certain assertions or claims about an user that the server knows to be true. With JWT, the server generates a token for a client and signs it with its secret key. That token consists of a payload that identifies the user and their permissions. Every time the user or client wants to perform an action on the server, they send their signed token along with the request. It's easy to see in this workflow why keeping the signing key secure is important. Otherwise, someone who knows the server's key could take a valid payload, alter values in it, and then re-sign it with the key so the server will accept it as valid. In the case of ThingsBoard, an attacker can change the scope value from the JWT that identifies the user's role on the server and therefore dictates what privileges they have. Some of the high-privileged scopes can be TENANT_ADMIN or SYS_ADMIN. Tenants are organizational subdivisions on the platform and tenant admins can manage all devices belonging to a certain tenant. System admins, however, have control over the whole system, including the ability to manage all tenants. "By editing this role value and generating a new, valid signature for the payload, a user can escalate privileges within the platform to the highest level," the X-Force researchers said. "This grants access throughout the entirety of the platform, including other tenants, users, and devices not affiliated with the original account." ThingsBoard can manage and collect data from devices that support a variety of IoT gateways, cloud APIs, and communication protocols such as: MQTT, HTTP, CoAP, Webhooks, LwM2M, LoRaWAN, SigFox, NB IoT, SMS, OPC-UA, Modbus, BLE, Request, CAN, BACnet, ODBC, REST, and SNMP. It integrates with platforms such as Azure Event Hub, AWS IoT, Azure IoT Hub, and IBM Watson IoT. Due to the multitude of connectivity options, it supports both internet-enabled devices and devices that communicate over non-internet protocols. Use cases for ThingsBoard include collecting data from energy meters, soil monitors and farming equipment, smart irrigation systems, air quality monitors, fleet management systems, food storage monitors, water meters, and resource consumption monitors in offices. Its creators claim it’s used in energy, telecom, warehouse management, smart city projects, building automation, agriculture, and Industry 4.0 projects. "ThingsBoard is just one among many IoT platforms which, much like the devices that connect to them, all deserve further research and scrutiny," the X-Force researchers said. "Adoption of IoT devices in all industries will only continue to grow, and with it the need to ensure security in the platforms managing devices and collecting data." Next read this
ThingsBoard常見問題(FAQ)
ThingsBoard是何時成立的?
ThingsBoard成立於2016年。
ThingsBoard總部在哪裏?
ThingsBoard總部位於42百老彙,紐約。
ThingsBoard的競爭對手是誰?
競爭對手ThingsBoard包括nista.io。
比較ThingsBoard競爭對手
密特隆發展能源智能平台幫助工業工廠成為能源透明。密特隆能源工業所產生的虛擬助理利用多個源數據係統和利用機器學習技術來識別節能機會,連接分散的能源資源,並將能量轉化為利潤中心。
BeeBryte提供能源優化基於人工智能(AI)的軟件。它提供了遠程操作和維護服務(運營管理)heating-cooling-refrigeration係統(HVAC-R)在商業建築和工廠。它成立於2015年,位於裏昂,法國。
AMMP技術提供離網的數字業務解決方案組合,mini-grid, grid-edge能源資產。它提供開放和安全的端到端連接,靈活的數據管理、先進的可視化和報警。公司成立於2018年,總部設在阿姆斯特丹,荷蘭。
Ecoplanet B2B能源提供了一個平台,支持工業企業在能源過渡。分析大量的電能值,個人的行動建議。公司成立於2022年,總部位於慕尼黑的德國。
nista.ioprovides a cloud-based software platform to reduce emissions and energy costs for industrial companies. It integrates data from factories and helps to reduce energy costs of built factories by continuously finding custom improvement measures. It specializes in IoT, energy efficiency, manufacturing, knowledge management, and more. It was founded in 2020 and is based in Vienna, Austria.
WERI平台提供了一個人工智能的影響。公司的平台自動化數據采集、預測排放,並建議適當的行動來減少碳排放,降低成本,減少浪費。它使企業獲得全麵了解他們的碳排放在整個價值鏈。它成立於2021年,總部設在米蘭,意大利。
發現正確的解決方案為您的團隊
CB見解188bet游戏科技市場情報平台分析數百萬數據點在供應商、產品、合作關係,專利來幫助您的團隊發現他們的下一個技術解決方案。