Cyber security is a top concern at Honeywell, and we continuously evaluate our products to ensure their quality and security.
We recently discovered a potential security vulnerability in our Midas Gas Detector. Although we are not aware of any incidents related to the identified vulnerability, we are alerting our customers of this issue to strongly encourage them take the steps outlined here to secure their devices.
The vulnerability is related to the web server interface for networked Midas devices:
- Unauthorized persons may be able to bypass password protection, potentially enabling them to adjust the device configuration or initiation of calibration & test processes.
- The user password can be identified via web diagnostic tools common to internet browsers.
Honeywell has prepared a free, downloadable security patch to correct the issue, available here
In addition to installing the security patch, Honeywell strongly recommends that customers with affected products take the following additional steps to protect their devices:
- Passwords should always be used on installations of Midas to prevent unauthorized access.
- Allow only trained and trusted persons to have physical access to their system, including devices that have connection to the system though the Ethernet port.
- If possible, isolate your system from the Internet or create additional layers of defense by placing the affected hardware behind a firewall or into a DMZ.
- If remote connections to the network are required, consider using a VPN or other means to ensure secure remote connections into the network the device is on.