Control Expert
A security configuration tool is used to define software users and their respective authorizations. Control Expert access security concerns the terminal on which the software is installed and not the project, which has its own protection system.
For more detailed information, refer to EcoStruxure™ Control Expert, Security Editor, Operation Guide.
Recommendation: Set a dedicated password for the super user and limit other users' authorizations with a restrictive profile.
Programming and Monitoring Mode
Two modes are available to access the CPU in online mode:
Programming mode: The CPU program can be modified. When a terminal is first connected to the CPU, the CPU becomes reserved and another terminal cannot be connected as long as the CPU is reserved.
Monitoring mode: The CPU program cannot be modified, but the variables can be modified. The monitoring mode does not reserve the CPU, and an already reserved CPU can be accessed in monitoring mode.
To choose a mode in Control Expert, select: .
More details on those modes are provided in the Services in Online Mode topic.
Recommendation: Set the CPU access mode to whenever possible.
Program Sections Protection
The section protection function is accessible from the screen of the project in offline mode. This function is used to protect the program sections. More details are provided in the Section and Subroutine Protection topic.
Recommendation: Activate the sections protection.
CPU Memory Protection
The memory protection prohibits the transfer of a project into the CPU and modifications in online mode, regardless of the communication channel.
The memory protection is activated as follows:
Modicon M340 CPU: Input bit. More details in the Configuration of Modicon M340 processors section.
Modicon M580 CPU: Input bit. More details in the Managing Run/Stop Input section.
Modicon Quantum CPU: Physical key switch on the CPU module, either for low end or high end CPU.
Modicon Premium CPU: Input bit. More details in the Configuration of Premium processors section.
Modicon MC80 CPU: Input bit. More details in the Modicon MC80 CPU manual.
Recommendation: Activate the CPU memory protection whenever possible.
CPU Remote Run/Stop Access
The remote run/stop access management defines how a CPU can be started or stopped remotely and depends on the platform:
Modicon M580: CPU remote access to run/stop allows one of the following:
Modicon M340: CPU remote access to run/stop allows one of the following:
Refer to the Configuration of Modicon M340 Processors section.
Modicon Premium: CPU remote access to run/stop allows one of the following:
Refer to the Configuration of Premium\Atrium Processors section.
Modicon Quantum: CPU remote access to run/stop allows to:
Modicon MC80: CPU remote access to run/stop allows one of the following:
Refer to the Configuration of Modicon MC80 Processors section in MC80 user manual.
Recommendation: Deny running or stopping the CPU remotely by request.
CPU Variables Access
Recommendation: To protect CPU data at run time from illegal read or write access, proceed as follows whenever possible:
Use unlocated data.
Configure Control Expert to store only HMI variables: .
can be selected only if is selected.
Tag as HMI the variables that are accessed from HMI or SCADA. Variables that are not tagged as HMI cannot be accessed by external clients.
Connection with SCADA has to rely on OFS.
Data Memory Protection
You can activate data memory protection in Control Expert by navigating to , then select Apply. This feature helps protect both located and unlocated data.
For more information on the data memory protection feature, refer to the topic Data Memory Protection.