Product Security
Learn about the end-to-end data protection built into our firmware, hardware, and processes.
Security is woven into the fabric of everything we build—empowering our customers with trustworthy data storage solutions that protect what matters most. Seagate products are engineered to stand strong against cyber threats—built with secure features, hardened manufacturing, and secure-by-design principles. Our robust public key infrastructure and certified cryptographic services safeguard data at every stage. With ongoing resilience testing and ISO 20243 product security certification, we ensure a trusted lifecycle from production to deployment.
At Seagate, we’re deeply committed to protecting the security of our products and services—and the privacy of our customers, employees, suppliers, and partners. We welcome the responsible disclosure of potential vulnerabilities across our technologies and platforms.
In today’s data-driven world, information is one of your most valuable business assets—and it demands protection. That’s why security experts advocate for a comprehensive approach that combines both hardware- and software-based encryption. As storage performance and accessibility accelerate, encrypting every bit of your business data isn’t just best practice—it’s essential.
| Issue | Products | Solution | Release Date |
|---|---|---|---|
| | RAID enabled SeaChest and SeaDragon | RAID enabled SeaDragon_<ToolName>_R and SeaChest_<ToolName>_R with a build date of December 4, 2023, and later have remediated the vulnerabilities for the following: Microchip, PMC and HPE SmartRAID or SmartHBA Controllers. · Latest version of SeaChest · For the latest version of SeaDragon, contact your Seagate Customer Support Engineer. At this time, Windows versions of SeaDragon and SeaChest released December 4, 2023, or later do not support Adaptec Controllers Series 8. There is currently no workaround for these controllers on Windows. | December 4, 2023 |
| | Exos X 3005 Hybrid Storage Arrays | Vulnerability is exploited with specific ciphers: there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). Removing the ciphers on either the server side or the client side is an effective mitigation. | Products are EOL. Fix and intercept with future planned release. |
| | Seagate Backup Plus Desktop 4TB (STDT4000100) | Seagate products are designed to operate within defined acoustic, shock, and vibration tolerances. Exceeding defined tolerances, as stated in the product specifications, may cause product failures and void the product warranty. Users should ensure the products operate in an environment that meets Seagate's operating environment specifications. | 8/29/23 |
| Pre-Auth Remote Code Execution (RCE) Vulnerability | LaCie Cloudbox | 2.6.11.1 (Cloudbox) | 6/17/2021 |
| | NetworkSpace 2 Products: · Network Space 2 · Network Space Max · d2 Network 2 · 2big Network 2 · 5big Network 2 | 2.2.12.3 | 6/17/2021 |
| | LaCie 5Big NAS Pro | | 6/15/2016 |
| | Seagate NAS | | 6/15/2016 |
Dive into Seagate security-focused articles, where we share the latest trends, best practices, and expert insights to help safeguard your data. Stay updated on the evolving landscape of product security, vulnerabilities, and solutions designed to keep your information protected.
Seagate stays up to date on the latest industry security standards. These are the certifications Seagate has attained for its products.
Seagate demonstrates a steadfast commitment to data sanitization, cryptographic protection and supply chain integrity through compliance with the following standards.
Seagate follows rigorous data sanitization practices to protect customer data on used drives and systems. Our certified software erasure tools and processes meet the PURGE level of the IEEE 2883 Standard for Sanitizing Storage.
We collaborate with organizations across the industry to share knowledge while also giving back to the community.
OCP is a collaborative community focused on redesigning hardware technology to efficiently support the growing demands on compute infrastructure.
The Open Group is a global consortium that seeks to enable the achievement of business objectives by developing open, vendor-neutral technology standards and certifications.
TCG is a non-profit that develops, defines, and promotes open, vendor-neutral, global industry standards supportive of a hardware-based root of trust, for interoperable trusted computing platforms.
The Linux Foundation is a non-profit dedicated to supporting Linux development and open-source software projects.
CVE Program provides a standardized system for identifying, documenting, and sharing publicly known cybersecurity vulnerabilities to help organizations assess and mitigate risk. CVE Numbering Authority assigns CVE IDs to newly discovered vulnerabilities.
The Forum of Incident Responders & Security Teams (FIRST) enables incident response teams to more effectively respond to security incidents, both reactively and proactively.
SNIA is a non-profit organization that creates global standards and specifications to advance technologies in data storage, transfer, infrastructure, acceleration, formats, and protection.
CDI is a partnership of global leaders in digital storage, data centers, sustainability, and blockchain collaborating to reduce e-waste by enabling, driving, and promoting the secure reuse of storage hardware.