Security; Security Guidelines; How To Report A Security Vulnerability - Honeywell SMV800 User Manual

6.1

Security Guidelines

The SMV800 provides several features designed to prevent accidental changes to the
device configuration or calibration data. These features include a Hardware Write Protect
Jumper and a Software Write Protect configuration parameter. These features can be used
in combination to provide multiple layers of configuration change protection. The default
software PIN is "0000" and this needs to be changed by user during installation and
commissioning.
A hardware write-protect locks out changes regardless of the entry of a PIN. The hardware
jumper requires physical access to the device as well as partial disassembly and should not
be modified where the electronics are exposed to harsh conditions or where unsafe
conditions exist. For configuration or calibration changes without changing the hardware
jumper position the user may choose to rely on the PIN and software lockout features.
Ensure that the device has Software write protect enabled and hardware write protect
jumper in appropriate position on the device to prevent any unauthorized configuration
changes. Change the software PIN peridically and securely maintain the PIN.Reset /
Forgot PIN option is supported where user can send the serial number of the device to
Honeywell Technical Assistance Center and get the license code to reset PIN.
A tamper detection feature (see section 5 of this document for more details) is available
that can indicate that an attempt was made to change either the configuration or calibration
of the device (whether a change was made or not). These security features are designed to
avoid accidental changes and to provide a means to detect if an attempt was made to
change the configuration and calibration.
Physical access to device: MODBUS host and the devices on the control network shall
have physical access controll. Otherwise a malicious operation on the transmitters will
result in process Shutdown or impact process control. For maximum security, the
transmitter device must be protected against unauthorized physical access.
6.2

How to report a security vulnerability

For the purpose of submission, a security vulnerability is defined as a software defect or
weakness that can be exploited to reduce the operational or security capabilities of the
software or device. Honeywell investigates all reports of security vulnerabilities affecting
Honeywell products and services.
To report potential security vulnerability against any Honeywell product, please follow the
instructions at:
https://honeywell.com/pages/vulnerabilityreporting.aspx
Submit the requested information to Honeywell using one of the following methods:
• Send an email to security@honeywell.com or
• Contact your local Honeywell Process Solutions Customer Contact Centre (CCC)
or Honeywell Technical Assistance Centre (TAC) listed in the "Support and
Contact information" section of this document.
Revision 1.0

6. Security

SMV800 Modbus User's Guide Page 206