Important recommendations for data protection!

In order to minimize the risk of data security violations, we recommend the following organizational and technical actions for the system where your applications are running.

  • Whenever possible, avoid exposing the PLC and control networks to open networks and the Internet.
  • Use additional data link layers for protection, such as a VPN for remote access.
  • Install firewall mechanisms. Restrict access to authorized people.
  • Use high-strength passwords.
  • At commissioning, change any existing default passwords and change them on a regular basis.

Use the security features supported by CODESYS and the respective controller, such as encryption of communication with the controller and intentionally restricted user access.

For devices that support device user management, the device editor includes the "Users and Groups" and "Access Rights" tabs.
When offered by the device, the user can view the user management for the device here and edit it in synchronization mode (not in online mode).

Here, the user can grant or deny specific permissions on the controller to the defined user groups.

If urgently needed, this device user management can be deactivated.

There are two ways to proceed:

Related OLH Article: Disabling User Management.

  1. At the first connection attempt to the PLC, this window will show up:



  2. You have to confirm this message with “Ja/Yes” in order to be able to connect to your PLC.
  3. In the next step, you have to choose a username and password:



  4. You then can log in/connect to your device.
    Your submitted user and password information will be requested here.





  5. Once connected to your device, you can deactivate the user management.
  6. Go to your PLC Device - "Communication Settings" Tab.
  7. Open the "Device" - "Change Communication Policy…" settings (see OLH "Changing the communication policy (encryption, user management)"):



  8. Set the new policy to “Optional encryption” (see OLH "Changing the communication policy (encryption, user management)"):



  9. In order to delete the old user management from your PLC, right-click on your device and select “Reset Origin Device”:



  10. In the confirmation dialog, select “User Management” and confirm with “Yes”:



    → The user management is now deleted and is only optional from now on.

This setting allows the CODESYSControl runtime to be used without activated user management.

Turning off the enforcement of user management is not recommended!
For safety reasons, the enforcement should always be used!

The user must be aware of the risks when using this option!

  1. The location of the configuration file depends on the runtime (see "Location of the configuration file").

  2. Set the entry

    [CmpUserMgr]
    ;allow usage of CODESYSControl runtime without activated user management (not recommended):
    SECURITY.UserMgmtEnforce=YES

    to 
    [CmpUserMgr]
    ;allow usage of CODESYSControl runtime without activated user management (not recommended):
    SECURITY.UserMgmtEnforce=NO
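
To check whether a controller has been left in this state, the following added example (not part of the original article and not CODESYS code) reads the text of the configuration file and reports how SECURITY.UserMgmtEnforce is set in [CmpUserMgr]. The function name, the case-insensitive matching and the sample file contents are assumptions made for the illustration.

```python
import re

SECTION = "cmpusermgr"            # [CmpUserMgr], as named in the article
KEY = "security.usermgmtenforce"  # SECURITY.UserMgmtEnforce, as named in the article

def audit_user_mgmt(cfg_text):
    """Return (status, hits) for the user management enforcement entry.

    status: 'disabled' (any active NO), 'enforced' (only YES), 'invalid'
    (some other value) or 'unset' (no active entry in [CmpUserMgr]).
    hits: (line_number, value) for every active occurrence of the key.
    """
    section, hits = None, []
    for number, raw in enumerate(cfg_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or ';' comment: a commented-out entry is inactive
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != SECTION or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        # Assumption: names and values are compared case-insensitively so that
        # spelling variants are still reported.
        if name.lower() == KEY:
            hits.append((number, value.upper()))
    values = {value for _, value in hits}
    if not hits:
        return "unset", hits
    if "NO" in values:
        return "disabled", hits
    return ("enforced" if values == {"YES"} else "invalid"), hits

# Constructed sample contents, not taken from a real controller.
SAMPLE_DISABLED = """[SomeOtherSection]
SECURITY.UserMgmtEnforce=YES

[CmpUserMgr]
;allow usage of CODESYSControl runtime without activated user management (not recommended):
SECURITY.UserMgmtEnforce=NO
"""
SAMPLE_COMMENTED = "[CmpUserMgr]\n;SECURITY.UserMgmtEnforce=NO\n"

if __name__ == "__main__":
    for label, text in (("disabled", SAMPLE_DISABLED), ("commented", SAMPLE_COMMENTED)):
        print(label, audit_user_mgmt(text))
```

A result of 'unset' only means the file does not state the value explicitly; the check says nothing about what the runtime applies in that case.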
