Security - SD Card 

Available on PLCnext Control AXC F x152 series

Accessibility

This WBM page is accessible with user role:

  • Admin
  • SecurityAdmin (from firmware 2022.0 LTS)
  • Engineer (from firmware 2024.0 LTS)

How to get into the WBM

Establishing a connection to the Web-based Management (WBM):

  • Open a web browser on your computer.
  • In the address field, enter the URL https://<IP-address-of-the-controller>/wbm,
    for example: https://192.168.1.10/wbm.

For further information, see WBM.

SD Card page

If the internal flash memory is not large enough for your application, the AXC F 1152, AXC F 2152 and AXC F 3152 controllers can be operated using an SD card.

Please note the following when operating the controller with an SD card:

  • The SD card can be read with a conventional SD card reader at any time. Sensitive data on the SD card can be read if you do not physically protect the SD card against unauthorized access. From firmware version 2024.0 LTS, LIC SD cards can be encrypted to protect the data.
  • Ensure that unauthorized persons do not have access to the SD card.

You can activate or deactivate the support of the SD card on the SD Card page.

  • If support of the SD card is activated (default setting), the SD card is recognized during the initialization phase of the controller.
  • If support of the SD card is deactivated, the controller does not recognize the SD card.

Please note the following when operating the controller without an SD card:

If support of the SD card is activated and the controller is operated without an SD card, there is a risk of data theft or data manipulation. Unauthorized persons can insert an SD card and restart the controller. In this case, the SD card is recognized during the initialization phase of the controller. If there is an overlay file system on the internal flash memory, it will be copied to the SD card. The overlay file system on the internal flash memory will be deleted.

Furthermore, all application-specific data will be deleted from the internal flash memory. Any PLCnext Engineer projects and IP configurations stored there will no longer be available. The controller accesses the data stored on the SD card.

Recommended:

  • Deactivate support of the SD card if the controller is to be operated without an SD card.
  • Make sure that unauthorized persons do not have access to the controller.

Figure: WBM page SD card from firmware version 2024.0 LTS

Figure: WBM page SD card up to firmware version 2023.9

Status area

In the Status area, you can see whether the controller is currently being used with or without an SD card, as well as the encryption and password status.

Operation with SD card

If you operate the controller with an SD card (display in Status area: External SD Card), any application-specific data is stored on the SD card. The overlay file system is generated on the SD card.

Operation without SD card

If you operate the controller without an SD card (display in the Status area: Internal SD Card), all application-specific data is saved to the internal flash memory of the controller. The overlay file system is generated on the internal flash memory.

Configuration area

Support for external SD card

You can activate or deactivate the support of the SD card in the Configuration area (default setting: Support for external SD Card is activated).

  • Enable or disable the Support for external SD Card with the Activate support or Deactivate support button.
  • To activate the changed setting, you must reboot the controller, for example via the Cockpit. See Overview - Cockpit.

Up to firmware version 2023.9

  • Enable or disable the Support external SD Card check box.
  • To apply the setting, click the Apply button.

The setting will not take effect until the controller has been restarted.

  • To drop the setting, click the Reset button.

When operating the controller without an SD card, please note the following:

If support of the SD card is activated and the controller is operated without an SD card, there is a risk of data theft or data manipulation. Unauthorized persons can insert an SD card and restart the controller. In this case, the SD card is recognized during the initialization phase of the controller. If there is an overlay file system on the internal flash memory, it will be copied to the SD card. The overlay file system on the internal flash memory will be deleted.

Furthermore, all application-specific data will be deleted from the internal flash memory. Any PLCnext Engineer projects and IP configurations stored there will no longer be available. The controller accesses the data stored on the SD card.

Recommended:

  • Deactivate support of the SD card if the controller is to be operated without an SD card.
  • Make sure that unauthorized persons do not have access to the controller.

Note: A reset to default setting type 1 of the controller does not affect whether the support of the SD card is activated or deactivated.

Reactivation after Factory Reset

Available from 2024.0 LTS for AXC F 1152, AXC F 2152, AXC F 3152

Here you can select whether support for the external SD card should be activated or deactivated in the event of a Reset to default settings (type 1). The default setting is that the activation/deactivation status is retained after the reset.

  • Enable or disable the Reactivation after Factory Reset check box.

Note: If you activate the Security Profile, the Reactivation after factory reset option is always disabled.
If you deactivate the Security Profile again, a Reset to default setting (type 1) is performed implicitly. If you now want to use the external SD card, activate the Reactivation after factory reset checkbox before deactivating the Security Profile or click on the Activate Support button under Support for external SD card.
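
The risk conditions described on this page can be checked across a fleet. The following is an added example, not Phoenix Contact code: it audits a constructed inventory whose column names are assumptions and whose values are copied by hand from each controller's WBM SD Card page. It reads a checked Reactivation after Factory Reset box as "support is activated by a type 1 reset".

```python
import csv
import io

# Constructed inventory; column names are assumptions, values mirror what the
# WBM SD Card page shows (Status area, Configuration area, Data Protection).
INVENTORY_CSV = """\
name,firmware,status,sd_support,reactivate_after_reset,lic_card,encrypted
press-01,2024.0,Internal SD Card,activated,no,no,no
press-02,2024.0,Internal SD Card,deactivated,yes,no,no
mixer-01,2024.0,External SD Card,activated,no,yes,no
mixer-02,2023.9,External SD Card,activated,no,no,no
oven-01,2024.0,External SD Card,activated,no,yes,yes
oven-02,2024.0,Internal SD Card,deactivated,no,no,no
"""

def firmware_at_least(version, minimum=(2024, 0)):
    """Compare 'YYYY.N' or 'YYYY.N LTS' against the release that added encryption."""
    major, minor = version.split()[0].split(".")[:2]
    return (int(major), int(minor)) >= minimum

def audit_controller(row):
    """Return the findings for one controller, following the page's recommendations."""
    findings = []
    on_flash = row["status"] == "Internal SD Card"  # operated without an SD card
    if on_flash and row["sd_support"] == "activated":
        # An inserted card plus a restart moves the overlay file system to the card.
        findings.append("SD support active without card: deactivate support")
    if on_flash and row["sd_support"] == "deactivated" and row["reactivate_after_reset"] == "yes":
        findings.append("type 1 reset re-activates SD support: clear the check box")
    if row["status"] == "External SD Card" and row["encrypted"] != "yes":
        if row["lic_card"] == "yes" and firmware_at_least(row["firmware"]):
            findings.append("unencrypted LIC SD card: activate encryption")
        else:
            findings.append("card readable in any reader: restrict physical access")
    return findings

def audit_inventory(text):
    """Map each controller name to its list of findings (empty list means ok)."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["name"]: audit_controller(r) for r in rows}

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY_CSV).items():
        print(name, "->", findings or "ok")
```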

Data Protection

Available from 2024.0 LTS

In the Data Protection section, you have the option of encrypting LIC SD cards and assigning a password to protect your data from unauthorized access and manipulation.
The Encryption password is stored on the LIC SD card and the controller. It is therefore not necessary to enter it again during a reboot. After activation, the LIC SD card and the controller are bound to each other.
The Recovery password is necessary to unlock a protected LIC SD card so it can also be used with another controller.

Note: Save the encryption password in a safe place. It also serves as a recovery password for the LIC SD card.

SD card encryption

Note: During the encryption and decryption process a reset to default setting type 1 is performed. The data on the SD card is deleted but the IP address setting is retained. 

  • Click on Activate encryption to prepare the SD card encryption.

The Set password for SD card encryption dialog opens. Here you can assign a password or have one generated automatically.

Option 1: Enter a password

  • Select Enter from the Password creation drop-down menu.
  • Enter the password in the Encryption password and Confirm encryption password input fields and save the password in a safe place.
  • Click on Save.

Option 2: Generate a password

  • Select Generate from the Password creation drop-down menu.
    ↪ A password is generated automatically.
  • Save the generated password in a safe place.
  • Click on Save.

Execute SD card encryption

  • To encrypt the SD card, you must reboot the controller, for example via the Cockpit. See Overview - Cockpit.
    ↪ The LIC SD card will then be protected and bound to the controller.

Deactivate encryption

  • Click on Deactivate encryption to unlock a protected LIC SD card.
    ↪ A reset to default setting type 1 is performed and the data is deleted from the LIC SD card.

Set recovery password

You need a recovery password if you want to use an encrypted LIC SD card with another controller to which the LIC SD card is not bound, for example if a controller needs to be replaced. The recovery password corresponds to the encryption password with which the LIC SD card was originally encrypted.

If a LIC SD card is encrypted and therefore bound to a specific controller (see SD card encryption), an encryption password has been set. To unlock and use the protected LIC SD card with another controller, you have to set the recovery password in the WBM of this controller. With the set recovery password, the LIC SD card is unlocked during the next reboot of the controller and can then be used with this controller only. 
You can assign the recovery password in the Recovery password to unlock the protected SD card area. 

  • Click on Set recovery password.
    ↪ The Set recovery password to unlock protected SD card dialog opens.

  • Enter the password in the Recovery password and Confirm recovery password input fields and save the password in a safe place. The recovery password corresponds to the encryption password with which the LIC SD card was originally encrypted.
  • Click on Save.
    ↪ The password is now set and the LIC SD card will be unlocked during the next reboot of the system.

Delete recovery password

If you delete the recovery password, the LIC SD card cannot be used with the controller anymore.

  • Click on Delete recovery password.  

  • Note the system message and click OK.
    ↪ The password will be deleted.

System Message area

In the System Message area, information on the current configuration status or changes of the configuration are displayed (Information). Potential security risks are displayed as well (Warning).

 

 


• Published/reviewed: 2024-02-27   ★  Revision 065 •