PLCnext starting up The starting up of a PLCnext Control in a security context includes the following steps: Checking the device Deriving IP addresses Assigning IP addresses Configuring TLS Generating self-signed HTTPS certificates in the WBM Uploading the certificate in the browser Activating the Security… Read More
PLCnext environmental requirements Operating a PLCnext Control in a security context includes the following steps regarding environmental requirements: Configuring PLCnext Engineer Checking project data integrity Configuring extended firewall settings Configuring the system time Configuring central logging Activating OPC UA Server Activating OPC UA Client Activating HMI… Read More
Account management Operating a PLCnext Control in a security context includes the following steps regarding account management: Creating users Password complexity rules Checking the validity of passwords Configuring authentication errors and sessions Configuring Active Directory Connection • Web browser recommendation: Chrome/Edge 88… Read More
Checking the validity of passwords Changing the default password After the admin has created a user account with password, you must change the default password. If you do not change the default password, you will receive appropriate warnings. Password expiration If a password is about… Read More
Checking project data integrity Libraries and projects in PLCnext Engineer are hashed. The hashes assigned with PLCnext Engineer are checked by PLCnext Control. This way you can verify that data is not modified, tampered with, or corrupted. When creating the project in PLCnext Engineer, a manifest file with hashes is generated. Before the project is loaded… Read More
Configuring PLCnext Engineer For information on how to use PLCnext Engineer or how to create a project, refer to the Getting started with PLCnext Engineer topic in the main PLCnext Info Center. Open PLCnext Engineer. Open the project that you want to transfer to the PLCnext Control. Note: You may need to assign the correct… Read More
PLCnext Security use cases and security context PLCnext is supporting different security use cases: Openness is the leading approach, security is not a leading requirement: Industrial Security application note (AH EN INDUSTRIAL SECURITY) must be considered Security is an overall system design requirement, and is ensued by the… Read More
PLCnext Technology security hardening To use PLCnext Technology as an IEC 62443-4-1/4-2 certified component, the activation of the Security Profile is mandatory. In addition, the automation system design must fit the security context and the generic use cases described in this PLCnext Security Info Center. With activated Security Profile PLCnext Technology supports the following functions: Clean… Read More
Periodic security maintenance activities You must check regularly: user roles and permissions password complexity rules and password changes firewall settings all security-related settings the product download area for firmware updates the PSIRT webpage for known security vulnerabilities Security functionality verification… Read More
Integrity Check of Software Installations When installing software tools that have been developed according to the IEC 62443 standard, checksums are calculated over the installation. Phoenix Contact supports this, for example, for PLCnext Engineer. By verifying these checksums, manipulations of the installation and data corruption can… Read More
