INTERTEK Cybersecurity UL 2900-1 Report 2024

02 May 2024

At GENEREX, data security has been our top priority since 2019. We therefore regularly have our products checked for security gaps by independent institutions. All of our network products are based on this CS141, and are at the current security level with firmware 2.18 (March 2024). They are therefore validly considered the safest devices on the market!

There are no specific cybersecurity regulations for devices in our industry, such as those for medical technology. Therefore, the UL 2900-1 test uses a basic standard for network products that is collectively referred to as “Software Cybersecurity for Network Connectable Products – General Requirements” and covers many attack scenarios. We chose the US standard UL 2900-1 as the testing standard because we believe this is the most widely used safety standard in the industry and there is currently no better or more practical standard in the EU and in the US this standard is accepted in all data centers.

UL 2900-1 is criticized by safety specialists from the EU from being “too irrelevant” to “too complex”. In our opinion, this impression results from the fact that the effort required to test security is extremely high but does not reflect the reality of an actual attack scenario. But even if one criticizes this standard, in our view it is still a sensible standard that one should adhere to in order to develop secure network products. We also assume that UL will adapt this standard in the future and thus remain current. For us too, the threat situation is constantly changing, and we also have to constantly adapt the security standards and testing procedures, which is why we carry out this security test again at regular intervals and have it certified by UL.

However, since their customers are frontline workers, they are the ones who notice safety-related factors first! We therefore continue to ask all your customers or end users of our products to contact us directly if a security gap is found or if there are any doubts.

Please use the following email addresses to submit security reports security@generex.usfor North America and security@generex.defor Europe.

We take care of every incoming security report immediately!

We are pleased to announce that the new UL 2900-1 report on the CS141 with firmware 2.18, issued on March 7, 2024, by the Intertek Nationally Recognized Testing Laboratory (NRTL), is now fully compliant with the UL2900-1 standards!

This achievement underscores our commitment to providing robust cybersecurity solutions. Our customers can rely on the CS141 and all products based on it (BACS, SITEMANAGER and SITEMONITOR) to reliably and effectively protect their critical systems and sensitive data from cyberattacks in 2024.

The new UL 2900-1 report in firmware 2.18 shows a single point that belongs to the “Informational” category and therefore does not represent a security vulnerability!
The user note that is criticized here is information to the user that the configuration found BEFORE the update contains vulnerabilities that continue to be “unsafe” with the firmware update 2.18. We leave it up to the customer who has decided on their settings to leave them as they are, so we accept this last point of criticism and will no longer rework it and will adopt the configuration we found in an update.
The only change in the next firmware 2.20, which will be released in mid/late 2024: There will be a user note that points out this fact and reminds the user that the user tolerates a known security vulnerability in his configuration. According to the NRTL, this last safety criticism has also been resolved.

What is new is that the UL 2900-1 Cybersecurity Report 2024 with FW 2.18 will now also be available for download on the web so that you can present it to your end customers.

We ask for your understanding that we will only allow the detailed NRTL UL2900-1 report on the CS141 to be viewed in the latest 2024 edition if there are legitimate requests. Basically, this is done to protect against future threats, so as not to tell hackers which tools were used in detail to carry out the security checks.

We are proud to be the only provider in this market to be able to offer a device from EU or US production that fully meets the safety standards of UL 2900-1 in 2024!