RFC 4072S

Note: For further information about the hardware, refer to the product documentation of this controller (item no. 1051328).

 

Risk of unauthorized access to devices

The safety controller RFC 4072S has a touch screen display and is used with an external SD card. This makes unencrypted information available. To prevent damage, data corruption, loss of data, or misuse of data due to unauthorized access, make sure that only authorized access is possible.

  • Protect the interfaces by installing the devices in a control cabinet.
  • Secure the control cabinet with a lock.
  • Make sure that only authorized persons have access to the control cabinet key.
  • Run cables in such a way that they are protected against unauthorized access.

 

Because the controller has three Ethernet interfaces, there are different Ethernet and firewall configurations.

Connecting and operating elements

The controller consists of the following components: 

Security seals

In order to prevent manipulation of the device supplied and to detect unauthorized opening of the device, security seals have been applied to the controller.

The housing of the safety controller RFC 4072S is protected by security seals on both sides, as shown below. Check whether the seals are placed at the correct location and are undamaged, or whether only parts of a seal remain on the housing.

SD card

The use of the SD card is mandatory. 

Phoenix Contact recommends the use of the following SD cards:

  • SD FLASH 8GB PLCNEXT MEMORY LIC (item no. 1151112)
  • SD FLASH 32GB PLCNEXT MEMORY LIC (item no. 1151111)

With upcoming firmware releases, these special SD cards will provide data protection, and therefore can be used together with the Security Profile.

Note: Requirement EDR3.13 is NOT fulfilled for this PLCnext Control until the encrypted SD card is available, probably with firmware release 2024.0 LTS.

Sensitive data is stored on the SD card. This data can even be restored after reformatting the SD card.

Touch screen display

The RFC 4072S has a touch screen display (also referred to as “display” in the following). This display shows tiles containing various information on the device and the connected network. The display allows you to retrieve information about the iSPNS 3000 and OPC UA connections, for example. The depth of information shown varies by tapping the individual tiles. The display allows menu-guided operation of the device. Among other things, you can reset the device to the factory default.

How to reset the controller

Note: Resetting to the default settings deactivates the security profile.

The menu MAINTENANCE allows for the following maintenance settings:

  • PLC REBOOT: Restarts the RFC 4072S
  • FACTORY RESET: Resets the RFC 4072S to the factory default (Reset 1)

Status information

Status information is shown on the touch screen display. The status information of the individual tiles of the display is only shown in the home menu. The background color of the individual tiles varies depending on the state.

Status information of the safety PLC (iSPNS 3000):

| Indicator color | Meaning |
| --- | --- |
| Red | The function of the iSPNS 3000 is deactivated. No safety-related program is loaded. |
| Blue | Initial state in which the iSPNS 3000 passes through various phases until it is ready for operation (e.g., self-test, synchronization with the standard controller). The iSPNS 3000 is ready for operation once it has passed through these phases. FS (Failure State) is off. |
| Green | Cyclical processing of the safety-related application program has started. FS (Failure State) is off. |
| Orange | The iSPNS 3000 is in the "Debug Run" state. This state was invoked from the PLCnext Engineer software with an active online connection. FS (Failure State) is off. |
| Orange | The iSPNS 3000 is in the "Debug Stop" state. This state was invoked from the PLCnext Engineer software with an active online connection. The iSPNS 3000 is ready. Cyclical processing of the safety-related application program has stopped. The iSPNS 3000 must be started manually via the PLCnext Engineer software. FS (Failure State) is off. |
| Red | The iSPNS 3000 is in the safe state (failure state). FS (Failure State) is red. |

 

Diagnostic indicators

The diagnostic indicators of all the tiles are displayed in the home menu using virtual LEDs.
Below you can see the meaning of the FS (Failure State) LED (safety PLC):

| LED | Color | State | Meaning |
| --- | --- | --- | --- |
| FS | Red | On | A critical error has occurred and been detected. The iSPNS 3000 has switched to the "safe state". |
| FS | Red | Flashing 1 Hz | Initialization phase is running (firmware boot process with power-on self-test, loading the parameterization and configuration data from the parameterization memory, booting the safe application program), or initialization phase has been aborted with an error, or error-free DEBUG state of the iSPNS 3000 |
| FS | Gray | Off | Error-free operating state of the iSPNS 3000 (if supply voltage is present) |

Booting the device

During boot, the USB interface is intentionally accessible via a connected keyboard.
You can choose between:

  • Linux A 
  • Linux B
  • Recovery 
  • Installing a new firmware via USB device

After the firmware has booted, the USB interface is disabled.

 

NOTICE

Risk of unauthorized access to the firmware of the device

Attackers can boot the device with a different firmware than intended if they have physical access to the device.

To prevent damage, data corruption, loss of data, or misuse of data due to unauthorized access, make sure that only authorized access is possible:

  • Protect the interfaces by installing the device in a control cabinet.
  • Secure the control cabinet with a lock.
  • Make sure that only authorized persons have access to the control cabinet key.
  • Make sure that on all possible boot partitions the intended firmware is installed before using the device for productive applications.

Assignment of the Ethernet interfaces

The following is an overview of how the Ethernet interfaces are assigned by default on the various pages of the WBM.

| Ethernet interface hardware | Description | PROFINET® function by default | Ethernet interface WBM - Network page | Ethernet interfaces WBM - Firewall page |
| --- | --- | --- | --- | --- |
| LAN1 | 10/100/1000 BASE-T(X), separate MAC address | PROFINET® Controller | TCP/IP (LAN1) | LAN1 |
| LAN2 | 10/100/1000 BASE-T(X), separate MAC address | | TCP/IP (LAN2) | LAN2 |
| LAN3.1, LAN3.2 | 10/100/1000 BASE-T(X), common MAC address, internally switched | PROFINET® Device | TCP/IP (LAN3) | LAN3 |

 

Activating PROFINET® and OPC UA

After you have performed a threat analysis and implemented appropriate protective measures from the security context, you can activate PROFINET® and OPC UA.


For further information on how to activate PROFINET®, refer to the topic Activating PROFINET® in this PLCnext Security Info Center.

For further information on how to activate OPC UA, refer to the topic Activating OPC UA Server in this PLCnext Security Info Center.

For further information on PROFINET® in the WBM, refer to the PROFINET diagnostics topic in the main PLCnext Info Center.

After activation of PROFINET® and OPC UA, the home display looks like this: 

Mode selector switch

 

The mode selector switch is used to define the operating state of the standard controller only. The mode selector switch does not influence the operating state of the safety-related PROFINET controller (SPNS).

There are three operating modes: The RUN/PROG and STP (= stop) positions have a toggle-button function, and the MRESET position has a push-button function. After releasing the switch in the MRESET position, it returns to the STP position.

 For further information on the mode selector switch, refer to the user manual for RFC 4072S controllers.

Netload Limiter configuration

You configure the Netload Limiter on the Netload Limiter page in the WBM (Configuration → Network, Netload Limiter tab).

For further information, refer to the topic Configuring Netload Limiter.

 

 

 


• Published/reviewed: 2023-11-02 • Revision 011 •