Security - SD Card

Available on PLCnext Control AXC F x152 series in all firmware releases, and on RFC 4072S and BPC 9102S from firmware 2024.0 LTS

Accessibility

This WBM page is accessible with user role:

  • Admin
  • SecurityAdmin (from firmware 2022.0 LTS)

How to get into the WBM

Establishing a connection to the Web-based Management (WBM):

  • Open a web browser on your computer.
  • In the address field, enter the URL https://<IP-address-of-the-controller>/wbm,
    for example: https://192.168.1.10/wbm.

For further information, see WBM.

SD Card page

If the internal flash memory is not large enough for your application, the AXC F 1152, AXC F 2152 and AXC F 3152 controllers can be operated using an additional SD card.

Please note the following when operating the controller with an SD card:

  • The SD card can be read with a conventional SD card reader at any time. Sensitive data on the SD card can be read if you do not physically protect the SD card against unauthorized access. From firmware version 2024.0 LTS, LIC SD cards can be encrypted to protect the data.
  • Ensure that unauthorized persons do not have access to the SD card.

You can activate or deactivate the support of the SD card on the SD Card page.

  • If support of the SD card is activated (default setting), the SD card is recognized during the initialization phase of the controller.
  • If support of the SD card is deactivated, the controller does not recognize the SD card.

Please note the following when operating the controller without an SD card:

If support of the SD card is activated and the controller is operated without an SD card, there is a risk of data theft or data manipulation. Unauthorized persons can insert an SD card and restart the controller. In this case, the SD card is recognized during the initialization phase of the controller. If there is an overlay file system on the internal flash memory, it will be copied to the SD card. The overlay file system on the internal flash memory will be deleted.

Furthermore, all application-specific data will be deleted from the internal flash memory. Any PLCnext Engineer projects and IP configurations stored there will no longer be available. The controller accesses the data stored on the SD card.

Recommended:

  • Deactivate support of the SD card if the controller is to be operated without an SD card.
  • Make sure that unauthorized persons do not have access to the controller.

Figure: WBM page SD card from firmware version 2024.0 LTS

Figure: WBM page SD card as shown up to firmware release 2023.9

Status area

In the Status area, you can see whether the controller is currently being used with or without an SD card, as well as encryption status and password settings.

Operation with SD card

If you operate the controller with an SD card (display in Status area: External SD Card), any application-specific data is stored on the SD card. The overlay file system is generated on the SD card.

Operation without SD card

For PLCnext Control devices with optional SD card only:

If you operate the controller without an SD card (display in the Status area: Internal SD Card), all application-specific data is saved to the internal flash memory of the controller. The overlay file system is generated on the internal flash memory.

Configuration area

Support for external SD card

On PLCnext Control devices where using an SD card is optional (e.g., AXC F x152), you can activate or deactivate the support of the SD card interface in the Configuration area.

By default the Support for external SD Card is inactive.

Toggling the state

From firmware version 2024.0 LTS

Activating the SD card interface

  • Press the Activate support button.
  • Reboot the controller, for example via the Cockpit WBM page.
    ↪ The Support for external SD Card is enabled.

Deactivating the SD card interface

  • Press the Deactivate support button.
  • Reboot the controller, for example via the Cockpit WBM page.
    ↪ The Support for external SD Card is disabled.

Up to firmware version 2023.9

  • Enable or disable the Support external SD Card checkbox.
  • To apply the setting, click the Apply button;
    to drop the setting, click the Reset button.
  • Restart the controller for a changed setting to take effect. 

When operating the controller without an SD card, please note the following:

If support of the SD card is active even though the controller is operated without an SD card, then there is a risk of data theft or data manipulation. Unauthorized personnel can insert an SD card and restart the controller. In this case, the SD card is recognized during the initialization phase of the controller. If there is an overlay file system on the internal flash memory, it will be copied to the SD card. Your project could then be stolen just by shutting down the controller and removing the unauthorized SD card.

Furthermore, the overlay file system and all application-specific data will be deleted from the internal flash memory. Any PLCnext Engineer projects, logged data and IP configurations stored there will no longer be available. The controller boots from the SD card and accesses all data stored on the SD card.

Recommended:

  • Deactivate support of the SD card if the controller is to be operated without an SD card.
  • If support of the SD card is activated, make sure that unauthorized personnel cannot access the controller physically or via the network interface.

Note: A reset to default settings (type 1) of the controller does not change whether support of the SD card is activated or deactivated.

Reactivation after Factory Reset

Available from 2024.0 LTS for AXC F 1152, AXC F 2152, AXC F 3152

You can select whether support for the external SD card should be activated or deactivated in the event of a reset to default settings (type 1). The default setting is that the activation/deactivation status is retained after the reset. To make sure the controller can always boot from the SD card again (e.g. after an automated reset), you can configure the interface accordingly:

  • Enable the Reactivation after Factory Reset checkbox.

Note:

  • If you activate the Security Profile, then the Reactivation after Factory Reset option will be disabled if active.
  • If you deactivate the Security Profile, a reset to default settings (type 1) is performed implicitly. If you want to continue using the external SD card afterwards, first enable the Reactivation after Factory Reset checkbox so that the controller can boot again from the overlay file system on the SD card.
    Note: Be aware of the security risks in this scenario! Ensure that only authorized personnel have access to the SD card, which contains sensitive data.
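
The risk described above for operation without an SD card, and the effect of the Reactivation after Factory Reset option, can be checked across a fleet with a short audit. This is an added example, not Phoenix Contact code: the record fields and finding codes are hypothetical, and the values are assumed to have been noted by hand from the Status and Configuration areas of each controller's SD Card page.

```python
import re

# Models the page names as having an optional SD card.
OPTIONAL_SD_MODELS = {"AXC F 1152", "AXC F 2152", "AXC F 3152"}

def fw_key(firmware):
    """'2024.0 LTS' -> (2024, 0); the LTS suffix does not affect ordering."""
    m = re.match(r"\s*(\d{4})\.(\d+)", firmware)
    if not m:
        raise ValueError(f"unrecognized firmware string: {firmware!r}")
    return int(m.group(1)), int(m.group(2))

def audit(rec):
    """Return finding codes for one controller record (hypothetical schema)."""
    findings = []
    optional = rec["model"] in OPTIONAL_SD_MODELS
    new_wbm = fw_key(rec["firmware"]) >= (2024, 0)
    if optional and not rec["sd_present"]:
        if rec["sd_support"]:
            # An inserted card would be recognized at the next restart.
            findings.append("SUPPORT_ACTIVE_WITHOUT_CARD")
        elif new_wbm and rec.get("reactivate_after_reset"):
            # A type 1 reset would switch the interface back on.
            findings.append("RESET_REACTIVATES_SUPPORT")
    if rec["sd_present"] and not rec.get("encrypted"):
        # Encryption exists only from 2024.0 LTS and for specific card types.
        findings.append("CARD_UNENCRYPTED" if new_wbm
                        else "CARD_READABLE_NO_ENCRYPTION_IN_FW")
    return findings

# Constructed sample inventory, not real devices.
INVENTORY = [
    {"name": "line1", "model": "AXC F 2152", "firmware": "2023.0 LTS",
     "sd_support": True, "sd_present": False},
    {"name": "line2", "model": "AXC F 3152", "firmware": "2024.0 LTS",
     "sd_support": False, "sd_present": False, "reactivate_after_reset": True},
    {"name": "line3", "model": "AXC F 1152", "firmware": "2024.0 LTS",
     "sd_support": True, "sd_present": True, "encrypted": True},
    {"name": "line4", "model": "AXC F 2152", "firmware": "2022.0 LTS",
     "sd_support": True, "sd_present": True, "encrypted": False},
]

def audit_all(inventory):
    return {r["name"]: audit(r) for r in inventory}

if __name__ == "__main__":
    for name, findings in audit_all(INVENTORY).items():
        print(name, findings or "ok")
```
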

Data Protection area

Available from 2024.0 LTS

In this section you have the option of encrypting SD cards and assigning a password to protect your data from unauthorized access and manipulation. This feature works with specific SD card types only; if another SD card is present in the slot, the corresponding buttons on this WBM page become inactive.

Note: Before pressing any button in this section, please read carefully about working with an encrypted SD card in the context of PLCnext Technology.

System Message area

In the System Message area, information on the current configuration status or changes of the configuration are displayed (Information). Potential security risks are displayed as well (Warning).

Note: Security risk warnings will only be visible if logged in with the SecurityAdmin or SecurityAuditor user role.


• Published/reviewed: 2024-09-24   ☀  Revision 073 •