Safety notes

Risk of unauthorized access to network

Connecting devices to a network via Ethernet always entails the risk of unauthorized access to the network.

Please note the guidelines in our PLCnext Security Info Center.
For developing secure-by-design, IEC 62443‑2 compliant applications with PLCnext Technology, get a good grasp of the concepts used in the security context.

Therefore, please check for the option of disabling active communication channels in your application (for instance SNMP, FTP, BootP, DCP, HTTP, HTTPS, etc.) or setting passwords to prevent third parties from accessing the controller without authorization and modifying the system.

Due to the communication interfaces of the controller, the controller should not be used in safety-critical applications unless additional security appliances are used. Please take additional protective measures in accordance with the IT security requirements and the standards applicable to your application (e.g., VPN for remote maintenance access, firewalls, etc.) for protection against unauthorized network access.

On first request, you shall release Phoenix Contact and the companies associated with Phoenix Contact GmbH & Co. KG, Flachsmarktstrasse 8, 32825 Blomberg, Germany in accordance with §§15ff. AktG (German Stock Corporation Act), hereinafter collectively referred to as “Phoenix Contact”, from all third-party claims made due to improper use.

For the protection of networks for remote maintenance via VPN, Phoenix Contact offers the mGuard product series security appliances; further information on this is available in the Phoenix Contact catalog (phoenixcontact.com/products).

Additional measures for protection against unauthorized network access are listed in the AH EN INDUSTRIAL SECURITY application note.

Risk of unauthorized access to devices

Devices with PLCnext Technology do not feature mechanical access protection and are therefore at risk of manipulation. Unauthorized access can occur via device interfaces, for example:

• USB ports
• PCI Express interfaces
• Axioline bus
• SD card slot and the SD card contained therein
• Device HMI (touch panel as well as buttons, switches, etc.)
• Ethernet interfaces

To prevent damage, data corruption, loss of data, or misuse of data due to authorized access, make sure that only authorized access is possible.

• Protect the interfaces by installing the devices in a control cabinet.
• Secure the control cabinet with a lock.
• Make sure that only authorized persons have access to the control cabinet key.
• Run cables in such a way that they are protected against unauthorized access.