Eaton PowerXL DM1 Series Applications Manual page 254


Application notes
POWERXL DM1 SERIES VARIABLE FREQUENCY DRIVE MN040049EN—September 2021 www.eaton.com

Categories: Restrict logical access to PowerXL series drive; Restrict network access

Category: Restrict logical access to PowerXL series drive
Description:
It is extremely important to securely configure the logical access mechanisms provided in PowerXL Series VFD
to safeguard the device from unauthorized access. PowerXL Series VFD provides various administrative,
operational, and configuration privilege levels. Eaton recommends that the available access control mechanisms
be used properly to ensure that access to the system is restricted to legitimate users only, and that such users
are restricted to only the privilege levels necessary to complete their job roles/functions.
Eaton recommends that the following best practices be followed to ensure adequate cybersecurity of the setup/system:
• Change default credentials upon first login. PowerXL Series VFD should not be commissioned for
production with default credentials; this is a serious cybersecurity flaw, as the default credentials are
published in the manuals.
• Restrict administrative privileges. Threat actors are increasingly focused on gaining control
of legitimate credentials, especially those associated with highly privileged accounts. Limit privileges to
only those needed for a user's duties. Make sure that the password used in the device is available only to
authorized users, such as Configuring Engineers, and is not shared among all operational users.
• Perform periodic account maintenance to make sure that the password is changed whenever there is a
personnel change.
• Change passwords and other system access credentials as appropriate.
• PowerXL Series VFD is provided with a data/access protection mechanism on the keypad; follow the steps
below to utilize it.
PowerXL Series VFD provides four levels of data protection for users to ensure security:
1. Lock parameters on keypad. The user can lock the parameters through DI or disable change, so that none of
the parameters can be edited.
2. Lock parameters while motor running. Motor control parameters can only be modified when the motor is in stop
mode, which enhances motor security. The parameters are listed in the application manual.
3. Through the Power Xpert inControl tool, a facility to hide parameters on the keypad is available. The user can
hide the parameters he/she considers significant, such as the IP address and so on.
4. Password on keypad.
   • 0000 means no password, which is the default.
   • Password range is 0001 ~ 9999.
   • With a password set, the user can monitor parameter values but needs to enter the password to edit
   parameters.
   • The user needs to re-enter the password if there is no key operation for 1 min after entering the password.
   • The user needs to enter the old password to change to a new one.

Category: Restrict network access
Description:
PowerXL Series VFD provides network access to facilitate communication with other devices in the system and
configuration. However, this capability could open up a big security hole if it is not configured securely.
Eaton recommends segmenting networks into logical enclaves and restricting communication to host-to-host
paths. This helps protect sensitive information and critical services and limits damage from network perimeter
breaches. At a minimum, a utility Industrial Control Systems network should be segmented into a three-tiered
architecture (as recommended by NIST SP800-82[R3]) for better security control.
Deploy adequate network protection devices like Firewalls, Intrusion Detection / Protection devices,
Below are the protocols available on PowerXL Series VFD and their port details. Use this information when
configuring the firewalls.
PowerXL Series VFD provides the following communication protocols –
• EtherNet/IP protocol on RJ45 connector – enabled by default on ports 44818 and 2222
• Modbus TCP protocol on RJ45 connector – enabled by default on port 502
• Modbus RTU on RS485 physical layer – enabled by default
• BACnet MS/TP on RS485 physical layer – disabled by default; when this is enabled, Modbus RTU is disabled.
All the protocols have a dedicated menu structure, and the User's Manual describes how to activate or
configure them.
• Eaton has published detailed information about various network-level protection strategies in Eaton
Cybersecurity Considerations for Electrical Distribution Systems [R1].
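
An added example, not part of the Eaton manual: a Python audit that checks flow records against approved host-to-host paths for the drive ports listed above (44818, 2222, 502), as a way to verify that firewall rules match the segmentation recommendation. The addresses, enclave subnet, log format and the function name audit_flows are constructed assumptions.

```python
"""Audit flow records for traffic to drive ports outside approved host-to-host paths."""
from ipaddress import ip_address, ip_network

# Ports the manual lists as enabled by default on the RJ45 connector.
# The manual gives numbers only, so this audit does not distinguish TCP from UDP.
DRIVE_PORTS = {44818: "EtherNet/IP", 2222: "EtherNet/IP", 502: "Modbus TCP"}

# Assumed site data (constructed): the drive enclave and the approved paths.
DRIVE_NET = ip_network("10.20.30.0/28")
ALLOWED_PATHS = {
    ("10.20.10.5", "10.20.30.2", 44818),  # PLC -> drive
    ("10.20.10.5", "10.20.30.2", 2222),   # PLC -> drive
    ("10.20.10.9", "10.20.30.2", 502),    # engineering workstation -> drive
}

# Constructed flow log, one record per line: "src dst dst_port"
SAMPLE_FLOWS = """\
10.20.10.5 10.20.30.2 44818
10.20.10.9 10.20.30.2 502
10.20.10.9 10.20.30.3 502
192.168.50.17 10.20.30.2 502
10.20.10.5 10.20.30.2 80
10.20.10.5 10.20.40.7 502
not-a-flow-record
"""

def audit_flows(log_text):
    """Return (src, dst, port, reason) for each unapproved flow into the drive enclave."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        try:
            src, dst, port = fields[0], fields[1], int(fields[2])
            in_enclave = ip_address(dst) in DRIVE_NET
        except (IndexError, ValueError):
            continue  # skip blank or malformed records
        if not in_enclave:
            continue  # destination is not a drive; out of scope here
        if port not in DRIVE_PORTS:
            findings.append((src, dst, port, "port not in the manual's list"))
        elif (src, dst, port) not in ALLOWED_PATHS:
            findings.append((src, dst, port, f"{DRIVE_PORTS[port]} outside approved paths"))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding)
```

Each finding points either at a firewall rule that is broader than the approved paths or at a service reachable on the drive that the port list does not account for.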
