Any FTP client installed on a computer that is connected to the controller (Ethernet port), without EcoStruxure Machine Expert installed, can be used to transfer files to and from the data storage area of the controller.
NOTE: Schneider Electric adheres to industry best practices in the development and implementation of control systems. This includes a "Defense-in-Depth" approach to secure an Industrial Control System. This approach places the controllers behind one or more firewalls to restrict access to authorized personnel and protocols only.
|
|
|
UNAUTHENTICATED ACCESS AND SUBSEQUENT UNAUTHORIZED MACHINE OPERATION |
|
oEvaluate whether your environment or your machines are connected to your critical infrastructure and, if so, take appropriate steps in terms of prevention, based on Defense-in-Depth, before connecting the automation system to any network. oLimit the number of devices connected to a network to the minimum necessary. oIsolate your industrial network from other networks inside your company. oProtect any network against unintended access by using firewalls, VPN, or other, proven security measures. oMonitor activities within your systems. oPrevent subject devices from direct access or direct link by unauthorized parties or unauthenticated actions. oPrepare a recovery plan including backup of your system and process information. |
|
Failure to follow these instructions can result in death, serious injury, or equipment damage. |
NOTE: Make use of the security-related commands which provide a way to add, edit, and remove a user in the online user management of the target device where you are currently logged in.
The FTP server is available even if the controller is empty (no user application and no User Rights are enabled).
Access to the FTP server is controlled by User Rights when they are enabled in the controller. For more information, refer to Users and Groups Tab Description.
If User Rights are not enabled in the controller, you are prompted for a user name and password unique to the FTP server. The default user name is Anonymous and the default password is also Anonymous.
NOTE: You cannot modify the default user name and password. To secure the FTP server functions, you must do so with Users and Groups.
|
|
|
UNAUTHORIZED DATA ACCESS |
|
oSecure access to the FTP/Web server using User Rights. oIf you do not enable User Rights, disable the FTP/Web server to prevent any unwanted or unauthorized access to data in your application. |
|
Failure to follow these instructions can result in death, serious injury, or equipment damage. |
In order to change the password, go to Users and Groups tab of the device editor. For more information, refer to the EcoStruxure Machine Expert Programming Guide.
NOTE: The only way to gain access to a controller that has user access-rights enabled and for which you do not have the password(s) is by performing an Update Firmware operation. This clearing of User Rights can only be accomplished by using a SD card or USB key (depending on the support of your particular controller) to update the controller firmware. In addition, you may clear the User Rights in the controller by running a script (for more information, refer to EcoStruxure Machine Expert Programming Guide). This effectively removes the existing application from the controller memory, but restores the ability to access the controller.
See File Organization.
