Siemens SIMATIC HMI

1.1 Security information

Cybersecurity information

Siemens provides products and solutions with industrial cybersecurity functions that support the secure operation of plants, systems, machines, and networks.

In order to protect plants, systems, machines, and networks against cyber threats, it is necessary to implement and continuously maintain a holistic, state-of-the-art industrial cybersecurity concept. Siemens' products and solutions only form one element of such a concept.

Customers are responsible for preventing unauthorized access to their plants, systems, machines and networks. Such systems, machines and components should only be connected to an enterprise network or the internet if and to the extent such a connection is necessary, and only when appropriate security measures (e.g. firewalls and/or network segmentation) are in place.

For more information on protective industrial cybersecurity measures for implementation, visit: https://www.siemens.com/global/en/products/automation/topic-areas/industrial-cybersecurity.html

Siemens' products and solutions undergo continuous development to make them more secure. Siemens strongly recommends applying product updates as soon as they are available and always using only the latest product versions. Use of product versions that are no longer supported, and failure to apply latest updates may increase customer's exposure to cyber threats.

To stay informed about product updates at all times, subscribe to the Siemens Industrial Cybersecurity RSS Feed under: https://new.siemens.com/global/en/products/services/cert.html

See also

www.siemens.com/industrialsecurity

https://www.siemens.com/cert

1.2 GDPR - General Data Protection Regulations

Siemens takes data privacy principles, such as the privacy by design and default principle, into account when developing its products and services. For this product WinCC Unified Runtime this means the following:

Personal data processed by the Application

This product collects and processes the following personal data:

• User names, i. e. login data, which might directly contain or establish a reference to the family name and/or first name
• Timestamps: date / time of login, logoff and access
• Location data (time zone)
• Computer name
• IP addresses
• Optional: With UMC, the following additional personal data can be added in the tool:
  • Full name
  • Comment

This data is not needed for the product functionality and should not be stored on the same medium.

If the user links the above-mentioned data with other data, e. g. shift plans, or stores personal data on the same medium, e. g. hard disk, and thus establishes a personal reference, the user must ensure compliance with data protection regulations.

Purposes

The above data is required for the following purposes:

• Access protection and security measures (e.g. Login, IP address)
• Process synchronization and integrity (e.g. time zone information, IP addresses)
• Archiving system for traceability and verification of processes (e.g. access timestamps)
• Alarm system for traceability and availability (for example, e-mail notification)

The storage of data is appropriate and limited to what is necessary, as it is essential to identify the authorized operators and process events.

Data configuration

The customer can configure the data collected via the product as follows:

• Display data in process pictures
• Data output in form of reports, e.g. for printing or display as electronic file
• Data collection and evaluation in form of graphics, e.g. for KPI analysis

1.3 Notes on installation

Contents

Information that could not be included in the online help and important information about product features.

Operating system

Installation of SIMATIC WinCC Unified Station Configurator is supported on all client devices with Windows operating system (PCs, notebooks, etc.).

1.4 Notes on use

Contents

Information that could not be included in the online help and important information about product features.

Change in name

The application was renamed from "SIMATIC WinCC Unified Control Center" to "SIMATIC WinCC Unified Station Configurator".

Deletion policy

The product does not provide an automatic deletion of the above data. If necessary, these can be deleted manually if desired. To do this, refer to the product documentation or contact customer support.

Securing of data

The above data will not be stored anonymously or pseudonymized, because the purpose of access and event identification cannot be achieved otherwise.

For WinCC Unified PC-based, the data specified above should be secured by appropriate technical measures:

• Encryption of log data
• Storing the process data in access-protected SQL databases

The user must ensure the access protection as part of their process configuration.

You can find information on data backup on the WinCC Unified Comfort Panel in the operating instructions for the Comfort Panel.

No simulation

SIMATIC WinCC Unified Station Configurator does not support Unified Runtime projects of the type "Simulation".

Connection to Unified Runtime web server with Windows server

SIMATIC WinCC Unified Station Configurator does not connect to a Unified PC Runtime web server with a Windows Server operating system.

To enable such a connection, follow these steps on the Runtime web server:

1. In the Group Policy Management Console (GPMC), open "Windows Defender Firewall with Advanced Security".
2. In the navigation area, navigate to "Inbound Rules".
3. Right-click on "Inbound Rules" and select "New Rule".
4. Configure the rules:
   • "Rule type" step: Select the "Port" option.
   • "Protocol and ports" step: Select the "TCP" option and enter "4000" as port under "Specific local ports".
   • "Name" step: Enter the name and description of the rule.
5. Click "Finish".