Issue: The USB service port is enabled by default.
If a malicious actor has a physical access to the device, then they can install unauthorized software.
Resolution: Emerson recommends disabling option when not needed and operating the device within a secure
physical environment (refer to Enable or disable the service port).
Defaults
This transmitter is equipped with a Universal Service Port that works with USB type C connections, including
compatible flash drives. There are multiple levels of security built into the transmitter service port that you can
configure according to your needs and security standards.
The service port offers the following features that enhance interface security:
• The service port is inaccessible without physical access to the transmitter and requires removal of the
terminal cover.
• The service port can be disabled from the transmitter through software (refer to Enable or disable the
service port).
• The transmitter has a non-traditional operating system that is neither designed to execute programs nor to
run scripts.
• The display can be passcode protected to limit access to the USB file menu.
• Overall transmitter security switches such as the write protect (dip) switch disallows configuration changes
from all interfaces, including the Universal Service Port. More information can be found in Security and
write protection.
This transmitter is :
• Designed to be implemented in an industrial automation control system (Level 1 of the Purdue Reference
Architecture Model), with defense-in-depth security controls.
• Not intended to be directly connected to an enterprise or to an internet-facing network without a
compensating control in place.
1.3.3 Secure operation guidelines
Operation of product
Best practices of product operation:
• Operate the device within a controlled and secured physical environment.
• Operate the device within a controlled and secured network environment.
• Manage all the accounts on the device according to the security policy of your company.
Reporting security vulnerabilities
Use Report a Vulnerability on Emerson.com for reporting vulnerabilities back to Emerson.
Best security practices
Best practices of product operation:
• Do not connect the device to the worldwide net.
• Apply security patches and updates as they are released. Maintain power to the device during the entire
firmware update.
• Change the passcodes and passwords frequently (at least once a month).
• When entering the local display passcode, ensure no one else can view the passcode.
Configuration and Use Manual Before you begin
MS-00809-0200-1600 May2024
Configuration and Use Manual 9
To Next Page
Loading...
