The CXE200 local interface contains a security overview table with the status of device hardening actions at Security > Overview.

Log in to CXE200 as administrator. At the first login with username 'admin' and password 'admin', a change of password is required; see CXE200 Quick Install Guide, https://siemens.com/bt/download → ID: A6V13947204.

  • The device is powered on, the RUN LED indicator is steady green, and a PC is connected to the LAN port on CXE200.
  1. Double press the SVC button:
  • The IP address 169.254.169.254 is assigned to the LAN port for the duration of 15 minutes.
  • The SVC LED is steady red when an IP address has been assigned.
  2. Enter the IP address of CXE200 in a web browser to connect to the GUI: https://169.254.169.254.
  • The device login prompt is displayed.

Firewall ports

There is no manual configuration of TCP and UDP ports on the device. Necessary ports are configured by the deployed application. When the controller is located behind a separate firewall, configure that firewall according to the tables in System characteristics.

Firewall services

Just like TCP and UDP ports, allowed services are automatically configured by the deployed application. When the controller is located behind a separate firewall, configure that firewall according to the tables in System characteristics.

SSH

SSH must be disabled when not used. The SSH switch is located in Security > Keys and certificates.

Application signature

Software images delivered through the Devices application are digitally signed by Siemens. When an unsigned image is installed, a security warning is displayed.

Password policy

A password must conform to the rules described in CXE200 Edge Controller - Cybersecurity Guidelines, https://siemens.com/bt/download → ID: A6V16524121. The format of passwords is restricted by:

  • A password must be made up of uppercase, lowercase, numeral, and special characters. At least one occurrence of each character type is required.
  • The minimum password length can be set to a number between 8 (minimum) and 20 (maximum) characters.

Security is heightened by increasing the number of required characters from the minimum eight. Go to Security > Manage users to set minimum password length.
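As an added example (not Siemens code and not part of the original guide), the Python function below pre-checks a candidate password against the two rules listed above before it is entered in Security > Manage users. The name `check_password` and the use of ASCII punctuation as the special-character set are assumptions; the Cybersecurity Guidelines define the authoritative rules.

```python
import string

# Limits stated on this page for the configurable minimum password length.
MIN_LENGTH_FLOOR = 8
MIN_LENGTH_CEILING = 20

# Assumption: "special" means ASCII punctuation; the Cybersecurity
# Guidelines define the authoritative character set.
SPECIAL_CHARS = set(string.punctuation)

# One predicate per required character type, in reporting order.
CHARACTER_CLASSES = {
    "uppercase": lambda c: c in string.ascii_uppercase,
    "lowercase": lambda c: c in string.ascii_lowercase,
    "numeral": lambda c: c in string.digits,
    "special": lambda c: c in SPECIAL_CHARS,
}


def check_password(password, configured_min_length=MIN_LENGTH_FLOOR):
    """Return a list of policy violations; an empty list means compliant."""
    # The minimum-length setting itself is only valid between 8 and 20.
    if not MIN_LENGTH_FLOOR <= configured_min_length <= MIN_LENGTH_CEILING:
        raise ValueError("minimum length setting must be between 8 and 20")

    problems = []
    if len(password) < configured_min_length:
        problems.append(
            f"too short: {len(password)} < {configured_min_length}")
    # At least one occurrence of each character type is required.
    for name, matches in CHARACTER_CLASSES.items():
        if not any(matches(c) for c in password):
            problems.append(f"missing {name} character")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for candidate, minimum in [("admin", 8), ("Plant-Room7", 8),
                               ("Plant-Room7", 14)]:
        print(candidate, minimum, check_password(candidate, minimum) or "OK")
```

Raising `configured_min_length` shows the effect of the setting: a password that passes at 8 is rejected once the minimum is raised above its length.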

User management

Create an administrator account with a different username and disable (suspend or delete) the default administrator account. Create at least one non-administrator account for normal use. Go to Security > Manage users to do this.

When hardening has been performed, the administrator can accept the configuration with the Approve button.