To comply with new security laws that came with SB-327, Digi has implemented better security on Digi Connect ME 9210 modules running plug and play firmware. see: https://www.digi.com/support/knowledge-base/unique-default-passwords-for-digi-products
Digi implemented a unique password for each device and implemented a new firmware with a better security key and specific manufacturing procedure to comply with SB-327. With PCN#191204-01 Digi obsoleted DC-ME-Y402-S PN:(1P)50001528-02 and -37 with firmware 82001607 revision M6 or earlier. The pin compatible replacement is DC-ME-Y402-S-UPW PN:(1P)50001528-40 running firmware 82001607 revision P or newer. Revision P firmware also includes critical security vulnerability fixes in the Treck stack (Ripple20).
The new module has a unique password printed on its label and the box it comes with includes a copy of this unique password. Users may change the password to anything else they prefer, but after a factory reset, the unique password from the label is back in place. Its recommended that customers scan the bar code for a record of the unique password.
The firmware behaves similar. Due to the initial key generation, after the first boot of the module, you might once need to wait for successful key generation for several minutes, before you are able to login.
Configuration files backup.cfg created on old modules can be read by the new modules.
sample of new DC-ME-Y402-S-UPW:
The unique password change does NOT apply to modules running NET+OS (-C) or Linux (-LX), as it is in the responsability of the customer to program a custom firmware on these to implement whatever security methods to comply with SB-327.
Oct 14, 2020