Handling the Security Profile
Activating the Security Profile
- Log in to the WBM.
Establishing a connection to the Web-based Management (WBM):
- Open a web browser on your computer.
- In the address field, enter the URL https://<IP-address-of-the-controller>/wbm,
for example: https://192.168.1.10/wbm.
For further information, see WBM.
- Open the Security Profile page (Security → Security Profile) in the WBM.
- Select the checkbox named "Activation of the Security Profile".
- Click the button.
The PLCnext Control is now reset to default settings (type 1) and then rebooted. However, IP addresses and installed licenses are retained.
After rebooting, you have to log in again.
Note: The "Admin" role no longer exists. You need to log in as "SecurityAdmin". The password is still the password printed on the housing of the PLCnext Control.
- Log in to the WBM as "SecurityAdmin".
In the top bar you can see that the Security Profile is activated.
Note: Now follow the steps from the topic Checking the integrity state.
Note: Activating the Security Profile deletes the HTTPS certificates. You must therefore generate the HTTPS certificates again and upload them in your browser. Refer to the topics Generating self-signed https certificates in the WBM and Uploading the certificate in the browser.
Changing the password of the SecurityAdmin
You have to change the password of the SecurityAdmin. To do this, proceed as follows:
- Open the User Authentication page.
- Click the button.
- Set a new password following the password complexity rules and save it by clicking the button.
Effects of the Security Profile
- With the Security Profile, some WBM pages are no longer accessible for security reasons and are disabled in the WBM navigation.
- The SecurityAdmin can only configure the system. All other activities must be performed by other roles. You need at least an Engineer to program in PLCnext Engineer and a Security Auditor to access the security notifications.
- You have no root access and no SSH access.
- The Security Profile follows the principle of least functionality: only components that have been considered in the threat analysis may run. This specifies exactly what is permissible.
- On the System Services page you may see effects of the principle of least functionality: The number of components is limited by the Security Profile. All services except Netload Limiter are disabled. Only activate the services that you actually need. For example, you must decide which visualization mechanism is used (eHMI or OPC UA) and then activate it accordingly. Consider your respective security context. If your network is sufficiently protected by additional organizational measures, you can activate the PROFINET® Controller and possibly PROFINET® Device if necessary.
→ Go to the topic Creating users to set up additional users and login conditions.
For more information on the different roles and rights, refer to the User Authentication WBM topic in the main PLCnext Info Center.
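Two of the effects described above (no SSH access, and HTTPS certificates deleted and regenerated) can be checked from an engineering workstation. The following script is an added example, not part of the PLCnext documentation. It assumes SSH would listen on the default TCP port 22, that the WBM is served on port 443, and that you recorded the SHA-256 fingerprint of the old certificate before activation. All function names are hypothetical.

```python
import hashlib
import socket
import ssl
import sys


def tcp_port_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def fingerprint(der_bytes):
    """SHA-256 fingerprint (hex) of a DER-encoded certificate."""
    return hashlib.sha256(der_bytes).hexdigest()


def fetch_wbm_cert(host, port=443, timeout=5.0):
    """Fetch the certificate the WBM presents, as DER bytes.
    Verification is off on purpose: the certificate is self-signed and is
    only fingerprinted here, no credentials or data are sent."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock) as tls:
            return tls.getpeercert(binary_form=True)


def evaluate(ssh_open, fp_before, fp_after):
    """Compare observations with the state the page describes."""
    findings = []
    if ssh_open:
        findings.append("TCP/22 accepts connections; SSH access should be gone")
    if fp_after == fp_before:
        findings.append("WBM certificate unchanged; generate a new one")
    return findings


if __name__ == "__main__" and len(sys.argv) == 3:
    host, fp_before = sys.argv[1], sys.argv[2].lower()  # e.g. 192.168.1.10 <hex>
    fp_after = fingerprint(fetch_wbm_cert(host))
    problems = evaluate(tcp_port_open(host, 22), fp_before, fp_after)
    print("new fingerprint to pin:", fp_after)
    print("\n".join(problems) or "state matches the activated Security Profile")
    sys.exit(1 if problems else 0)
```

Run it after generating the new certificate, and compare the printed fingerprint with the one your browser shows before you upload the certificate as trusted.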
• Web browser recommendation: Chrome/Edge 88 or newer, Firefox ESR 90 or newer, or Safari •
• Published/reviewed: 2023-11-02 • Revision 011 •