Cyber Security in AC500 V3 ProductsΒΆ

Cyber Security Disclaimer

This product is designed to be connected to and to communicate information and data via a network interface. It is your sole responsibility to provide and continuously ensure a secure connection between the product and your network or any other network (as the case may be). You shall establish and maintain any appropriate measures (such as but not limited to the installation of firewalls, application of authentication measures, encryption of data, installation of anti-virus programs, etc.) to protect the product, the network, its system and the interface against any kind of security breaches, unauthorized access, interference, intrusion, leakage and/or theft of data or information. ABB Ltd and its affiliates are not liable for damages and/or losses related to such security breaches, any unauthorized access, interference, intrusion, leakage and/or theft of data or information.

Security related deployment guidelines for industrial automation

Security details for industrial automation is provided in a whitepaper

Signed Firmware Updates

The firmware update files for the AC500 V3 PLC are digitally signed releases by ABB. During the update process, these signatures are validated by a hardware security component in the PLC. This way, the AC500 V3 PLC will only update with valid, authentic firmware, signed by ABB.

Open Ports and Services

The AC500 V3 PLC comes with minimal services opened by default. Only the services needed for initial setup and programming are open before any user application is downloaded. Details: ETHERNET Protocols and Ports for AC500 V3 Products

Secure Shell Access for ABB Service

The AC500 V3 PLC contains a secure shell service to access core logging data in case of problems which need a deeper analysis. This service is inactive by default, which means that no one can access this privileged shell in the normal operating state.

To activate this service, local access to the PLC is necessary and activation is only valid until the next power cycle of the PLC. Once activated, the service run on TCP port 22. Each PLC also protects the secure shell access by an individual password.