Table of Contents
Advertisement
Security
4
Security
To secure plants, systems, machines and networks against cyberthreats it is necessary to
implement (and continuously maintain) an overall industrial security concept that is state of
the art.
Perform a risk assessment in accordance with VDI/VDE 2182 or IEC 62443-3-2 and plan
the security measures with care. If necessary, seek advice from Pilz Customer Support.
4.1
Required security measures
}
The product is not protected from physical manipulation or from reading of memory con-
tents during physical access. We therefore recommend that you install the product in a
lockable control cabinet.
}
The configuration computer that accesses the product has to be protected from attacks
by a firewall or other suitable measures. We recommend that a virus scanner is used on
this configuration computer and updated regularly.
}
If necessary, protect the configuration computer and the product from unauthorised use
by assigning passwords and taking further measures if required. We also recommend
that the user logged on to this configuration computer does not have administrator rights.
}
Ensure that the product is separated by a router (layer 3 switch or firewall) from the com-
pany network.
}
Assign only safe passwords. When assigning passwords, please note:
– The password should have at least 8 characters.
– The password should contain upper and lower case characters, as well as special
– If possible, the password should not be available in dictionaries.
– The password should not be made up of standard variants and repetitions or key-
– Use a password manager for optimum management of complex passwords.
– Language-dependent characters are not available in every keyboard language.
– Make sure you regularly change the passwords of the user accounts on the system or
– Make the users aware of the responsible use of their access data.
}
Modbus/TCP has no security mechanisms. Use a firewall to protect the product from un-
authorised access.
}
As soon as possible, install firmware updates that Pilz provides for the product.
}
The product permits firmware downgrades. Before you downgrade, you should check
what firmware version you install to prevent re-opening up safety gaps that are already
known and that were closed by a firmware update.
}
Check the log of the product for security-relevant entries on a regular basis.
}
Log data may contain personal data. Only store exported logs on a storage medium that
is adequately protected.
}
Use only one USB memory from a secure source. A manipulated USB memory could
compromise the system.
Operating Manual PMCprimo C2
1004683-EN-02
characters and numbers.
board patterns (so not: 1234abcd).
ask the users to change their passwords themselves.
| 16
Advertisement
Table of Contents
