244
Application notes
POWERXL DM1 SERIES VARIABLE FREQUENCY DRIVE MN040049EN—September 2021 www.eaton.com
Category Description
Restrict logical access to PowerXL series drive It is extremely important to securely configure the logical access mechanisms provided in PowerXL Series VFD
to safeguard the device from unauthorized access. PowerXL Series VFD provides various types of administrative,
operational, configuration privilege levels. Eaton recommends that the available access control mechanisms
be used properly to ensure that access to the system is restricted to legitimate users only. And, such users are
restricted to only the privilege levels necessary to complete their job roles/functions.
Eaton recommends below best practices to be followed to ensure adequate cybersecurity of the setup/system
• Default credentials are changed upon first login. PowerXL Series VFD should not be commissioned for
production with Default credentials, it’s a serious Cybersecurity flaw as the default credentials are published
in the manuals. Restrict administrative privileges - Threat actors are increasingly focused on gaining control
of legitimate credentials, especially those associated with highly privileged accounts. Limit privileges to
only those needed for a user’s duties. Make sure that the password used in the device is only available to
authorized users like Configuring Engineers and not shared among all operational users.
• Perform periodic account maintenance to make sure that password is changed whenever there is personnel
change.
• Change passwords and other system access credentials as appropriate
• PowerXL Series VFD is provided with data/access protection mechanism on keypad, follow below steps to
utilize it
PowerXL Series VFD provides four levels of data protection for users to ensure the security:
1. Lock parameters on keypad. User can lock the parameters through DI or disable change, in which way all the
parameters cannot be edited.
2. Lock parameters while motor running. Motor control parameters can only be modified when motor is in stop
mode. In which way to enhance the motor security. The parameters are listed in the application manual.
3. Through Power Xpert inControl tool, facility to hide parameters on keypad is available. User can hide the
parameters he/she thinks are significant for himself/herself. Such as IP address and so on.
4. Password on keypad.
• 0000 means no password, which is the default.
• Password range is 0001 ~ 9999.
• With password, user can monitor parameters value but need enter password if he/she wants to edit
parameters.
• User needs to re-enter the password if there is no key operation in 1 min after enter the password.
• User needs to enter the old password if he/she wants to change to a new one.
Restrict network access PowerXL Series VFD provides network access to facilitate communication with other devices in the systems and
configuration. But this capability could open up a big security hole if it’s not configured securely.
Eaton recommends segmentation of networks into logical enclaves and restrict the communication to host-to-host
paths. This helps protect sensitive information and critical services and limits damage from network perimeter
breaches. At a minimum, a utility Industrial Control Systems network should be segmented into a three-tiered
architecture (as recommended by NIST SP800-82[R3]) for better security control.
Deploy adequate network protection devices like Firewalls, Intrusion Detection / Protection devices,
Below are the protocols and their port details available on PowerXL Series VFD. Use below information for
configuring the firewalls.
PowerXL Series VFD provides below communication protocols –
• EtherNet IP protocols on RJ45 connector – enabled by default on port 44818 and 2222
• Modbus TCP protocol on RJ45 connector – enabled by default on port 502
• Modbus RTU on RS485 physical layer – enabled by default
• BACnet MS/TP on RS485 physical layer – disabled by default, when this is enabled, Modbus RTU is disabled.
All the protocols have dedicated menu structure, and details are described in User’s Manual for how to activate or
configure them.
• Eaton has published detailed information about various Network level protection strategies in Eaton
Cybersecurity Considerations for Electrical Distribution Systems [R1].
To Next Page
Loading...
