MDT AutoSave Security Update

• Vulnerabilities were found in the AutoSave version earlier than 6.02.xx.
• All vulnerabilities were fixed as part of AutoSave v7.06 (released in 26 April 2021) and all later versions.
• No known public exploits target these vulnerabilities (Source: Cyber and Infrastructure Security Agency)
• AutoSave offers the highest possible security, only if you are using the latest version.
• MDT Software recommends upgrading AutoSave to the latest version, currently version 7.06.

MDT has released patches for the version 6.x and 7.x AutoSave product lines to address security vulnerabilities that were identified. As a provider of software that supports cybersecurity, MDT recognizes the importance of security for industrial control systems and the software that interacts with these systems.

AutoSave runs inside some of the largest industrial enterprises in the world to automatically store software versions, document them, and securely back up data that can be compared to current error-free versions in order to ensure plants run efficiently. Any disruption or manipulation of the information handled by the product could have devastating consequences to the safety and integrity of an industrial process. 

The company, a leader in data management for automated production environments, has a team of internal security experts working on testing and improving its products. In addition to effectively safeguarding customers data, customers benefit from high plant availability and keep downtime to an absolute minimum. MDT Software also relies on the input and feedback of external researchers in order to ensure product security is maintained at the highest level.

CVE Information can be found here: MDT AutoSave | CISA

• AutoSave Customers Prior To Version 6.02
  If you have an AutoSave version earlier than 6.02.xx at your plant, we recommend that you upgrade your system to AutoSave v7.06 with the assistance of our field services team. See details below. 
   

• AutoSave 6.02 Customers
  If you have AutoSave version 6.02.01 - 6.02.05 at your plant, you should at a minimum, install the patch (link below) to upgrade your system to AutoSave v6.02.06. This patch addresses the most significant vulnerability recently identified, as well as several other updates. 

  If possible, we recommend that you engage our field service team to upgrade your system to AutoSave v7.06. AutoSave Version 7 includes our web-based AutoSave Portal, new online training offerings and other features such as a flexible Scheduled Compare Tool. To see a list of all the improvements and enhancements available with AutoSave 7.x, please click here.  However, if your plant wishes to continue to run AutoSave version 6.02x, please update to version 6.02.06.

• AutoSave 7.x Customers
  If you have upgraded to AutoSave Version 7 but are running v7.00-7.04, please update to version 7.06. (If you are at version 7.05, you have the security updates, and no action is required.) Versions 7.05 and 7.06 address everything in the v6.02 patch and other vulnerabilities. In addition to important security updates, these include additional performance improvements, Portal enhancements and more.