Com’X 210/510
Hardening Guide 7EN12-0328
Com’X 210/510 Hardening Guide
Introduction ...........................................................................................................2
Additional resources ................................................................................................... 2
Access Com’X user manual........................................................................................ 3
Upgrade Firmware ................................................................................................3
Determine current firmware version ............................................................................ 3
Upgrade to latest firmware version ............................................................................. 4
Safety Precautions ...............................................................................................5
User management ................................................................................................5
Set default administrator password ............................................................................ 6
Set default guest password (Com’X 510 only) ............................................................ 6
Disable the Password Reset button ............................................................................ 6
Install a private SSL certificate ...........................................................................6
Disable enabling of Remote VPN access from cloud services .......................7
Port management .................................................................................................7
Close unused ports ..................................................................................................... 7
Disable unused services ............................................................................................. 8
Disable replies to ICMP Echo requests (PING) .......................................................... 8
Set Secure Publication Transports .....................................................................8
Configure SMTP (Email settings) ............................................................................... 9
Recommended best practices of unsecure protocols ............................................... 10
Disable WiFi Access Point ............................................................................... 10
Apply Modbus TCP/IP Filtering ........................................................................ 11
Enable Warning Banner .................................................................................... 12
Com’X 210/510 Hardening Guide
Introduction
Your Schneider Electric product is equipped with security-enabling features.
These features arrive in a default state and can be configured for your installation
needs. Please note that disabling or modifying settings can impact the overall
security robustness of the device and the security of your network.
This guide provides recommendations to better secure your Com’X device.
Please use this guide in conjunction with the user manual for the step by step
procedure details required for the configuration of specific features and settings.
NOTE: This guide is applicable for Com'X firmware version 6.5 and above.
Additional resources
Com'X 200/Com'X 210/Com'X 510 Instruction Sheet
Com'X 510 User Manual
Document References
5406AD002
5406AD005
5406AD006
5406AD007
DOCA0098FR
DOCA0098ES
DOCA0098PT
DOCA0098IT
DOCA0098ZH
DOCA0098RU
Page 2 © 2019 Schneider Electric. All rights reserved.
Com'X 210 User Manual
Com’X SSL Certificate Installation Guide
DOCA0036FR
DOCA0036ES
DOCA0036PT
DOCA0036IT
DOCA0036ZH
DOCA0036RU
7EN12-0327
Com’X 210/510 Hardening Guide
Access Com’X user manual
You can download the Com’X 210 and Com’X 510 user manual from the
Schneider Electric website.
• Com’X 510 User Manual
• Com’X 210 User Manual
The user manual for Com’X 510 can also be accessed directly on the device.
1. Login to the Com’X.
2. Select Settings > Links > View Links.
3. Click the Com’X 510 User Manual - EN document local link to download the
manual.
Upgrade Firmware
Products are hardened to increase security robustness. This is an ongoing
process consisting of secure development practices, inclusion of security
features and testing at our security test facilities. Keep your device firmware
updated with the latest security updates.
Determine current firmware version
Locate the firmware version currently running on your Com’X.
1. Login to the Com’X.
2. Click About link located on the top right corner of the screen.
3. Determine Application version under Product Versions.
© 2019 Schneider Electric. All rights reserved. Page 3
Com’X 210/510 Hardening Guide
Upgrade to latest firmware version
1. Determine the latest Com’X firmware version available on se.com.
a. Com’X 510 firmware
b. Com’X 210 firmware
2. Download and unzip the firmware bundle if it is higher than the firmware version on
your Com’X device.
3. Open the release notes contained in the unzipped bundle.
4. Update the firmware if the release notes indicate security updates. The firmware
filename begins with upgrade-Com’X and has file extension .sp1.
NOTE: See Upgrade Firmware section in the User Manual.
Page 4 © 2019 Schneider Electric. All rights reserved.