sbc PCD3.M6893 Cyber Secure IEC Controller

Specifications

• Model: PCD3.M6893
• Controller Type: IEC-Controller Cyber Secure, IEC 61131-3
• Maximum Peripheral Connections: Multiple PCD3 I/O modules in cassette form
• Power Consumption: typ. 175 mA / 4.2 W, max. 500 mA / 18 W
• Load-Carrying Ability: 5 V / 24 V internal, max. 600 mA / 100 mA
• Short Voltage Interruption: 10 ms with interval 1 s
• Operating Temperature: Ambient temperature operating (according to EN/IEC 61 131-2)
• Protection Level: IP 20

General

• The powerful PCD3.M6893 is a cyber secure PLC, programmable in accordance with IEC 61131-3.
• The high-level language for structured text (ST) according to IEC 61131-3, has a strong syntax and supports object-oriented methods. Certified to ANSI/ISA 62443, Security Level 3, the PCD3.M6893 delivers robust cybersecurity, making it ideal for mission-critical operations and secure integration with IoT and cloud infrastructures. The modular PLC integrates USB, Ethernet, RS-485 and CAN bus interfaces, ensuring flexible connectivity. It is compatible with the modular and robust I/O system of the SBC PCD3 family, enabling seamless expansion.
• In mission-critical automation environments, system downtime can lead to costly disruptions and safety risks. To ensure continuous operation, the PCD3. M6893 QronoX Controllers offer a reliable and efficient redundancy solution. By configuring two controllers in a “Hot Standby” arrangement, uninterrupted system performance is maintained—even in the event of a failure.
• In this setup, one PLC actively controls the process while the second remains in standby mode, continuously monitoring inputs and synchronizing with the active unit via a dedicated redundancy link. If the active PLC encounters a fault, the standby unit instantly takes over output control, maintaining seamless operation without disruption.

Features

Maximum peripheral connections

• Ethernet and USB-port onboard
• One serial interface RS-485 onboard
• One serial interface RS-485 pluggable on Slot A
• Up to 1024 central inputs/outputs with expansion module holder PCD3.Cx00 (up to 64 modules with max. 16 contact points each). The first module holder must always be a PCD3.C200
• Additional remote input/output can be connected using PCD3.T66x remote IO stations or remote PCD.M6893 controllers

PCD3 I/O modules in cassette form
More than 40 I/O modules are available with different functionalities, refer to the order details.

• Status of digital signals indicated via LEDs
• Configurable process image via System Configuration software

Efficient programming tools

• IEC programming software QronoX from SBC with integrated Systemand Account Management Configuration and comprehensive application components makes programming convenient and efficient.
• A coordinating combination of operating system and programming tool achieves maximum speed, reliability and functionality. Learn more at www.sbc-support.com.

General Technical Data

General technical data / Operating conditions

1. Mount a free-wheeling diode over the load when switching DC tension.
2. To extend this period, a PCD3.R010 module may be plugged into one of the four IO slots of the CPU.
3. When assembling on vertical surface, all other mounting methods 0…40 °C.

RS-485 terminator switch for Port #2

Communication Interfaces

*The optional file system is required for application programs handling user defined data.

Connections X0 and X1

X0 – Communication interfaces: position Slot A

X1 – CAN bus terminal

Protocol Overview

• * Equipped with a PCD7.F150S
• * For J1939 and CANopen, need to purchase addtional license from the Codesys store.
• * USB allows BACnet Browsers to use the PCD as BACnet Router to local BACnet Networks.

BACnet

The Saia PCD3.M6893 PLC now features enhanced communication capabilities, with support for BACnet Client over both IP and MSTP. It also integrates BACnet Router (B-RTR) and BACnet Broadcast Management Device (B-BBMD) functionalities, offering a comprehensive solution for effective building management and automation. The BACnet Server is limited to the automatic generated management objects like “Device,” “Program,” “Network Port Object” for each enabled BACnet Interface and the File Object for Backup and Restore.

BACnet Client Capabilities:
The QronoX BACnet Client support connections up to 100 external BACnet Servers. These Servers can be field devices like Sensors, Actuators, Unitary Controllers or any other BACnet device. Regardless of the connection via BACnet-IP or BACnet MS/TP. The QronoX Client shall be set up by the Application Program leveraging the Client Functions from a dedicated interface library, provided by the Engineering Tool.

1. The external BACnet Device will be represented by a Client Function Block. The external Device can be addressed by its Device-Identifier Number or Device Name.
2. Property Function Blocks are set up with an Object-Property Reference for Polling, COV Notification and Writing. At Client-Connect, the BACnet Client firmware will automatically collect all registered Property information to assign appropriate BACnet “Read,” “Write,” and COV-Subscription Services.
3. The Firmware Client-Connect group all properties within the same Client and same Polling Interval in groups of 5 in case the external device support Read-Property-Multiple (DS-RPM) Service; else the firmware will fall back using the Single Read Property (DS-RP) Service.
4. For all configured Read-Properties, the firmware supports issuing up to 32 parallel Write Property (DSWP) requests. A transaction status will inform the application program about the progress and success.
5. The limits apply to active clients in parallel. In case larger number of Properties shall be processed, serialization of Client Connects is permitted.

For all in parallel active Clients Summary:

• Max. Number of active Clients supported: 100
• In total over all Clients,
• Max. Number of COV-Subscriptions: 1500
• Max. Number of Read Property (Multiple) Requests: 200 (DS-RPM support up to 5 Proper

Note: Only primitive data types will be supported; complex data types are not allowed.

Network Capabilities:

• Maximum number of BACnet packets processed per second: 100
• Maximum number of BBMD devices operating in BBMD mode: 50
• Maximum number of MSTP ports: 4
• Supports BBMD and FD on both Ethernet ports
• Supports BACnet Router across all networks
• Segmentation maximum window size of 16 for both requests or responses.
• MS/TP* Master supported baud rates : 9600, 19200, 38400, 57600, 76800, 115200. (*with optional MS/TP Communication Module – PCD3.F215)

For more details, refer to the BACnet “PICS” document.

• Use 480 bytes for existing PCD3.F215 Firmware – 1.04.06 FW and below, supports upto 2 MS/TP ports per module.
• Use 480 and 1476 (long frame) bytes with PCD3.F215 firmware – 1.04.08 FW and above, supports 1 MS/TP port per module.

BACnet Router:

• BACnet/IP – BACnet/IP
• BACnet/IP – BACnet/MSTP
• BACnet/MSTP – BACnet/IP
• BACnet/MSTP – BACnet/MSTP

OPC UA:
Supported Facets:

• UA Data Access
  • View service
  • Attribute service (read/write)
  • Subscription service
  • Monitored Item service (Absolute Deadband)
• Reverse Connect server facet
• Global Certificate Management (Push Model)
• Events
• UA Security model

Server Functional Limits:
The list provided outlines the configured limits for the Server functionality, with some parameters being user-configurable, while others are hardcoded.

Note The Max Monitored Items value shown here represents the maximum number the Server can instantiate. The actual capacity of active Monitored Items always depends on their sampling interval (Refer to “Server Performance Limits” section in this document).

Note
Server Performance Limits: When using OPC UA Data Access, it is essential to consider both the number of Monitored Items and their refresh rate within the system. The recommended limit for Monitored items depends on factors such as available system resources, network bandwidth, and the OPC UA server’s processing capabilities.

Recommended Monitored Items Limit:

These recommended limits are based on the following working conditions:

• Exclusively OPC UA communication (No other communication over TCP/IP is executed, for example, Modbus or Web Server)
• Sampling Interval: 1000ms
• Publish Interval: 1000ms
• 1 active Subscription
• 1 active Session
• PLC Task cycle time: 200ms
• PLC Task effective execution time: less than 10ms
• No Freewheeling task
• Data type of the monitored variables: DINT (UInt32)

Refer to the ‘‘OPC UA System Limits’’ document on the QronoX portal for more details

IEC 60870-5-104*

* As per Codesys Release version 1.0.6.0

Application Notes
PLC program

• Program size: 10 MBytes
• Program Memory: 50 MBytes
• Program Memory, persistent none volatile: 128 KBytes

PCD3 I/O Process Image
I/O update via process image within one program,

• Bus cycle task configurable, min. 2 ms
• Digital Inputs / Outputs: Update cycle 2 ms
• Analogue Input / Outputs: Update cycle per module (8 channels), multiple analogue module in parallel 50…100 ms

Factory set up

• USB Device: RNDIS driver enabled, Firewall open for engineering tool IP address 169.254.1.1, Subnet 255.254.0.0
• Ethernet 1: Disabled
• Ethernet 2: Disabled
• Serial Com Port 2: Disabled
• Serial Com. Port on slot A: Disabled

Dimension Drawing

PCD3.M6893

Planning data

• fStep files (3D)
• fBIM objects
• The data can be downloaded with the following link: https://sbc-support.com/en/services/bim-building-information-model/.

Connecting plugs/terminals

Spare terminals, ribbon connectors with system cables and separate terminals are ordered as accessories.

Compatibility note

• Minimum required firmware package for PCD3.A810 and PCD3.W800 modules: 4.x.x
• Minimum required firmware package for all remaining I / O modules: 3.0.0

Digital input modules

• * These ratings are not UL-listed
• ** Not recommended for new projects

Digital output modules

• * With contact protection
• ** For UL61010 compliant operation the following switching capacity applies: 2 A/35 VDC
• *** For UL61010 compliant operation the following switching capacity applies: 2 A/30 VDC
• **** Not recommended for new projects

Analogue input modules

Analogue output modules

Overview of the internal bus capacity of the module holders

1. Internal 5V
2. Internal +V (24 V)
   • The electrical requirement of the internal +5V and +V bus for the
   • I/O modules can be calculated in the QronoX I/O-Builder.
3. Plug-in I/O terminal blocks are included with I/O modules. Spare terminals, ribbon connectors with system cables and separate terminals are ordered as accessories.
4. 4 … 20 mA via user program.
5. With soldered spring terminal block.
6. At 100% output value and 3 kΩ load.

Manual control modules

Information for Project Planning with PCD3 Module Holders

The internal load current taken by the I/O modules from the +5V and +V (24V) supply must not exceed the maximum supply current specified for the CPUs, RIOs or PCD3.C200 module holders.

Example calculation for the current consumption of the internal +5V and +V (24V) bus of the I/O modules

Insertion of I/O modules

Simple exchange of I/O modules

Over 40 modules available with different functionalities

• Types
  • PCD3.Axxx Digital output modules
  • PCD3.Exxx Digital input modules
  • PCD3.Wxxx Analogue input/output modules

The following aspects should be considered when planning PCD3 applications:

• In keeping with lean automation, it is recommended to leave the first slot in the CPU basic module free for any subsequent expansions. This slot can accommodate simple I/O modules but also communication modules.
• The total length of the I/O bus is limited by technical factors; the shorter, the better.

PCD3 I/O modules are not hot-plug capable:

• Carefully insert and remove the I/O modules after switching off the power supply (24V).

The PCD3.C200 is used to extend the I/O bus or for the internal power supply +5V and +V (24V) to a module segment. Please note the following rules:

• Mandatory: Insert a PCD3.C200 after the PCD3.M6893 and after each cable (at the start of a row).
• Use a maximum of five PCD3.K106/K116 cables.
• Do not use more than six PCD3.C200s in a single configuration, or the time delay will exceed the I/O access time.
• If an application is mounted in a single row (max. 15 module holders), then after five PCD3.C100 a PCD3.C200 must be used to amplify the bus signal (unless the configuration ends with the fifth PCD3.C100).
• If the application is mounted in multiple rows, the restricted length of cable means that only three module holders (1× PCD3.C200 and 2× PCD3.C100) may be mounted in one row.

The following aspects should be considered for UL conform applications: 

• The PCD3.M6893 base module may only be used with I/O modules listed in UL61010.
• The PCD3.M6893 base module is to be powered by an UL Class 2 certified power supply.
• Use only 60°/75° copper conductors.
• This device shall be installed in an industrial control panel or other suitable rated enclosure.
• If the equipment is used in a manner not specified by the manufacturer, the protection provided by the equipment may be impaired.

Power supply and connection concept

• External power supply
  • A two-way rectified supply can be used for most modules.
  • It is generally recommended to use robust and interference-resistant SBC power supply units with 24 VDC output.

Grounding and connection plan

• The zero potential (GND) of the 24 V supply is connected to the GND and the controller’s grounding terminal. If possible, this should be connected to the ground bar with a short wire (<25 cm) with a cross section of 1.5 mm2
• The same applies to the negative connection to the PCD3.F1xx or the interrupt terminal.
• Any shielding of analogue signals or communication cables should also be brought to the same grounding potential, either via a negative terminal or via the ground bar.
• All negative connections are linked internally. For flawless operation, these connections should be reinforced externally by short wires with a cross section of 1.5 mm2.

Grounding and connection concept analogue inputs that are not electrically isolated (PCD3.W2x0, PCD3.W3x0)

• Signal sources (such as temperature sensors) should be connected direct to the input module wherever possible.
• To obtain optimum measurement results, avoid connection to a ground bar. Additional external GND connections to the sensor signals may result in equalising currents which distort the measurement. If shielded cables are used, the shielding should be continued to a ground bar.

Connection concept for PCD3.W3x0

• The reference potential of voltage and current inputs must be wired to a common GND distributor at the “–” terminal.
• Temperature sensors must be wired to a common GND distributor at the “COM” terminal. The module PCD3.W380 has a 2-wire connection for the inputs and requires no external GND distributor.

Connection concept for PCD3.W2x0

• The reference potential of signal sources must be wired to a common GND distributor at the “–” terminal

Extension module holders PCD3.C200 and PCD3.C100

The PCD3.C200 module holders provide the following internal supply currents to the modules plugged in or connected to them:

• Any shielding of analog signals or communication cables should also be brought to the same grounding potential, either via a negative terminal or via the ground bar.
• All negative connections are linked internally. For flawless operation, these connections should be reinforced externally by short wires with a cross section of 1.5 mm2.
• It is recommended to wire the I/O modules from a cable duct.
• The following aspects should be considered when planning PCD3 applications:
  • Insert a PCD3.C200 after each cable (at the start of a row)
  • The total length of the I/O bus is limited by technical factors; the shorter, the better.
  • Do not use more than six PCD3.C200s in a single configuration, or the time delay will exceed the I/O access time.

WEEE Directive 2012/19/ EC Waste Electrical and Electronic Equipment directive

Further information and support

• Further information and Software/QronoX are available on www.sbc-support.com.

Disclaimer

The plant engineer contributes his share to the reliable operation of an installation. He is responsible for ensuring that controller use conforms to the technical data and that no excessive stresses are placed on it, e.g. with regard to temperature ranges, over voltages and noise fields or mechanical stresses. In addition, the plant engineer is also responsible for ensuring that a faulty product in no case leads to personal injury or even death, nor to the damage or destruction of property. The relevant safety regulations must always be observed. Dangerous faults must be recognized by additional measures and any consequences prevented. Consistent use of the diagnostic elements of the PCD, such as the watchdog, exception organization blocks (XOB) and test or diagnostic instructions shall be made.

WEEE Directive:

• At the end of their useful life the packaging and product should be disposed of by a suitable recycling centre.
• Do not dispose of with normal household waste.
• Do not burn.

This symbol on our product shows a crossedout “wheelie-bin” as required by law regarding the Waste of Electrical and Electronic Equipment (WEEE) disposal. This indicates your responsibility to contribute in protecting the environment by proper disposal of this waste, i.e., not disposing of this product with your other wastes. To know the right disposal mechanism, please check the applicable law.

An example of power supply and connection concept

ATTENTION

• These devices must only be installed by a professional electrician. Otherwise, there is the risk of fire or the risk of an electric shock.

WARNING

• Product is not intended to be used in safety-critical applications, using it in safety critical applications is unsafe.

WARNING – Safety

• The unit is not suitable for the explosion-proof areas and the areas of use excluded in EN61010 Part 1.

WARNING – Safety

• Check compliance with nominal voltage before commissioning the device (see type label).
• Check that connection cables are free from damage and that, when wiring up the device, they are not connected to voltage.
• Do not use a damaged device!

NOTE

• In order to avoid moisture in the device due to condensate build-up, acclimatise the device at room temperature for about half an hour before connecting.

CLEANING

• The device can be cleaned in dead state with a dry cloth or cloth soaked in soap solution.
• Do not use caustic or solvent-containing substances for cleaning.

MAINTENANCE

• These devices are maintenance-free.
• If damaged, no repairs should be undertaken by the user.

GUARANTEE

• Opening the module invalidates the guarantee.
• Observe this instructions (data sheet) and keep them in a safe place.
• Pass on the instructions (data sheet) to any future user.
• WEEE Directive 2012/19/EC Waste Electrical and Electronic Equipment directive
• The product should not be disposed of with other household waste. Check for the nearest authorized collection centers or authorized recyclers. The correct disposal of end-of-life equipment will help prevent potential negative consequences for the environment and human health.
• EAC Mark of Conformity for Machinery Exports to Russia, Kazakhstan or Belarus.
• UAE RoHS EASY certification

Safety Instructions

Safety instructions for the PLC PCD3.M6893

• Saia PCD3.M6893 can be used in a highly networked environment and as such must be securely configured to reduce the risk of unauthorized access.

Internet Connection

• The device must not be connected directly to the internet without having proper precaution like a firewall between the Internet and the PCD3.M6893.

Network Segmentation

• The PCD3.M6893 is equipped with multiple network interfaces. The system traffic does not route between the interfaces. The system should be constructed as in the picture above. It must have different networks for control and IT networks. Separate critical from non-critical elements by connecting them to different segments.
• If networks cannot physically be separated, they at least must be firewalled off each other.

Selection of Protocols

• Wherever possible select encrypted and authenticated protocols.

Firewall

• While the PCD3.M6893 is equipped with a built-in firewall it is better to used dedicated firewall between the networks.

Remote Access

• In order to perform remote access to the system, a VPN must be used to tunnel network traffic securely from the remote engineering workstation into the IT network of the control infrastructure. The IT network should be configured in such a way that only the engineering tool communication protocol is allowed to pass from VPN network to the controller.
• Safety instructions for the PLC PCD3.M6893

Secure Remote Update

• To update the firmware of a PCD3.M6893 controller, a VPN connection as outlined in section “Remote Access” is required. Once the VPN Server and
• Client are securely configured the use the firmware downloader in the engineering tool as usual to install the latest firmware for the PCD3.M6893

Physical Access Control

• Fieldbus networks are inherently insecure, also the PCD3.M6893 is not secured against physical modification like manipulating I/O modules and commonly used IT protocols like DHCP cannot be secured. It is therefore mandatory that the complete control infrastructure, including IT infrastructure and all equipment is physically protected against unauthorized access.

Selection of Equipment

• Only use equipment develop according to secure practices. Secure Development Practices
• The PCD3.M6893 is freely programmable via IEC applications in the programming tool. Via SysXxxx and CAA libraries it is possible to access system resources of the operating system like file systems, serial interfaces, network interfaces, etc.(see help.codeys.com) While this level of access gives nearly unlimited flexibility it also requires discipline to develop IEC application in a secure manner.
• This section of the manual outlines secure development practices that must be followed in order to have to keep the system secure. The secure practices outlined here are not comprehensive, be sure to consult specialized documentation like the OWASP (https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide).

Input Data Validation

• Treat all data from external entities as untrusted. This is especially the case when receiving data from an external interface like a serial line or a network interface. Validate all input data by type, length and use white list of acceptable values.

Output Encoding

• When storing data to a file or transmitting it over a network ensure proper escaping related to the output format.

Communication Protocols

• Implementing communication protocols requires special care. If the protocol supports encrypted communication, ensure that it is utilized. When using
• TLS, verify that you are only using TLS 1.2 or higher.
• If session identifiers are used, ensure that session ids are completely random, not reused and delete after a session has been terminated.
• Terminate the communication session if an invalid session id is used.

Use of Watchdog

• The system is equipped with two user programmable watchdogs. Watchdogs can be used to bring a system into a defined state when a task is running out of defined bounds.

Cycle Time Watchdog

• In the ‘Task Configuration’ of an IEC application the Cycle Time watchdog can be programmed. Use this watch to protect against programming errors in individual tasks. If a task is exceeding the maximum allowed time, it will be killed by the runtime system.

Watchdog Relay

• The system is equipped with a physical relays contact. The watchdog relays can be programmed in such a way, that the contact opens if it is not triggered in a configurable interval.
• By having the watchdog contact in line with the power supply as outlined below, it will allow to shut down the system completely in case the watchdog is not triggered in the defined interval.

Use of Task Priority

• Cyclic tasks in IEC application can be assigned to different priorities, form background task to real-time tasks. Ensure that the tasks are structured so that only time-critical tasks are running with real-time priority. No real-time tasks should have long running loops or should call synchronous SysXxxx functions as this may block the whole system.

Use of IEC libraries

• Only use libraries from trusted sources. Use the library manager to check that the library is correctly signed. Don’t use libraries that are not signed or libraries of which the signature is invalid.

Creating and distributing Libraries

• Follow the guidelines part of the CODESYS manual. Ensure that the libraries are distributed as ‘compiled’ library otherwise the source code of the library is accessible for everyone having access to the library. Sign the library with your X.509 certificate.

Secure Device Configuration

• Follow the following guidelines to ensure a secure configuration of the PCD3. M6893 controller.

Network Ports

• Disable all network ports that are not in use.

Firewall

• The PCD3.M6893 is equipped with a built in IP packet filter firewall. The firewall is by default configured so, that the programming tool on the USB service port is able to communicate with the device. All other traffic, in- our outbound is blocked by default. You must explicitly add rules to allow traffic to get in or out of the device. It is important that the firewall rules are as strict as possible. The firewall must be kept enabled, in order to add a layer of defense.

Internet Detector

• This device is not designed to be directly connected to the Internet. In order to protect against accidental Internet connection or misconfiguration of the firewall, the PCD3.M6893 is equipped with an Internet Detector service thatdisables the connecting port. This service is enabled by default and should be disabled if the device is located behind a properly configured firewall and
• Internet services must be consumed.

Account management

• The unified account management on the PCD3.M6893 provides a role-based account management that is used for all services on the device. Ensure that accounts are given permission on the principle of least privilege. That means, each account should only be given access to elements it really needs having access to in order that it can perform the desire operations.
• If an account is only supposed to be used for a limited time period, e.g. because the account is for an employee with limited contract term, make sure that is reflected in the account.
• Enable account lockout to prevent against brute force attacks.
• Delete accounts that are no longer in use.
• Enable min. and max. password life time to force user to periodically change their password.

Special Roles

• Accounts with role 0 are Device Administrator accounts.
• Such accounts have full access on the device.
• Accounts with role 1 are User Administrator accounts.
• Such accounts manage other accounts as long as the managed accounts have the same or less roles than the device administrator account.

Certificate Management

General

• The PCD3.M6893 is equipped with three services, CODESYS, HTTPS server and OPC UA, that uses digital encryption certificates to ensure the identity its communication party, and/or to prove the device’s own identity. At first startup, or factory reset, these services generate a selfsigned certificate. While this helps commissioning the system it is not secure and must be changed before the system is put into operation.
• Do not put the PCD3.M6893 into operation with Self-signed certificates
• The use of self-signed certificates is handy when in development, but products should not be shipped to customers with self-signed certificates. You should be either creating an initial certificate for your product or you should have a mechanism for the end customer to provision the product and allow them to assign a corporate signed certificate to the device.
• You must inform your customer about the certificate management requirements of your product.

CODESYS

• The PCD3.M6893 uses a CODESYS RTS for the
• PLC functionality. The communication between
• QronoX ECS and the controller is always encrypted. The device generates an initial self-signed certificate. This certificate is exchanged by a custom certificate via the PLC shell inside of
• QronoX ECS. Consult the tools help for further information.

HTTPs/Web Server

• The HTTPs/Web Server of PCD3.M6893 supports custom certificates. The Web Server system configuration page in the programming tool allows installing a new certificate. The recommended way of doing so is to let the device generate a Certificate Signing Request (CSR). The CSR can be submitted to a trusted Certificate Authority (CA) which in turn issues the device certificate. This certificate can be installed via the Web Server system configuration page of the tool.
• Consult the tool’s help for further information.

OPC UA

• The OPC UA server of PCD3.M6893 can meet the strict security requirements of the OPC UA specification. This is only achievable if security in the system configuration is enabled and is used (the default is to have security enabled). As a product developer we strongly recommend ensuring secure channel communication is turned on in your product and the None-None-Anonymous security profile and the Accept all certificates option should be enabled if absolutely certain this is a requirement. Having security enabled and not having the None-None-Anonymous security profile as well as Accept all certificates off means all OPC UA clients connecting to your product must do so in a secure manner.
• Please also check the available security profiles to ensure the type of security required matches what you are configuring for your environment.
• OPC UA server certificates, issuer certificates as well as trusted client certificates is done via the Files tab in the CODESYS Devices object.
• Global Certificate Management (Push Model) is supported for managing the OPC UA X.509 certificates.

Data Privacy
Stored data on the device
The PCD3.M6893 stores the following data elements:

• Device configuration: IP address, Firewall rules, NTP configuration…
• User Management: Accounts, passwords, roles, permissions etc.
• Audit log: System log messages, all actionsfrom all users…
• CODESYS: PLC application and CODESYS runtime system configuration.
• SD Card: Backups & user data
• All data on the device is stored encrypted and is bound to the device. The only exception is backup files, which are encrypted but can be transferred to other devices and be restored there.

Stored project data

• Use project encryption to store project data. To do this, use the ‘Security Screen’ and set the project file encryption technology to ‘Encryption’.
• Choose between password, dongle or certificates.

Device Configuration

• The device configuration can be changed with the programming tool by accounts with the appropriate access rights.

Administration of Accounts

• A device or account administrator can manage accounts on the device using the Device User Management node in the programming tool. The user management can only be uploaded and downloaded as one piece.

Roles

• Create roles to define permissions to the system. Available system functionalities can be enabled/ disabled, or access rights can be set.

Profiles

• Create profiles to set up password and account settings. Assign roles to a profile to set the profile permissions.

Accounts

• Assign a profile to an account. Accounts can be locked or set to active/inactive for a certain period. A user or system has to login with a specific account to access the device.

Deleting Audit Log

• Device administrator accounts can delete the complete audit log by using the programming tool audit log viewer.
• This includes Programming tool projects.

CODESYS

• The PLC application can be changed and loaded with the programming tool. Only device administrators can do that.

SD Card

• That data on the user file system, as well as the backup files on the SD card can be managed via the File System Explorer in the programming tool.
• Access to the SD card data is restricted to Device Administrator accounts.

Erase All Data/Factory Reset

• All data on the device can be delete by pressing the service button for 30 seconds when during system power up.

Data Privacy Statement

• Saia-Burgess Controls AG’s privacy statement can be found here: https://www.saia-pcd.com/en-gb/privacy-statement/.

Order details

Accessories

CONTACT INFORMATION

• Saia-Burgess Controls AG
• Route Jo-Siffert 4 | 1762 Givisiez, Switzerland.
• Switchboard: T +41 26 580 30 00
• Support: T +41 26 580 31 00
• www.saia-pcd.com
• support@saia-pcd.com
• www.sbc-support.com.
• 34-009 ENG09 – 2025-09
• Data sheet – PCD3.M6893 (version 5.21.4/3.20.2.0)
• Subjects to change without notice.

FAQs

Q: What is the power consumption range of the PCD3.M6893?

A: The typical power consumption ranges from 175 mA to a maximum of 500 mA, depending on the load and operating conditions.

Q: What are the primary communication interfaces available on the PCD3.M6893?

A: The primary communication interfaces include Ethernet ports, USB ports, RS-485 port, Micro SD slot, and CAN port for various connectivity options.

Documents / Resources

	sbc PCD3.M6893 Cyber Secure IEC Controller [pdf] Owner's Manual PCD3.M6893, PCD3.M6893 Cyber Secure IEC Controller, Cyber Secure IEC Controller, IEC Controller
	sbc PCD3.M6893 Cyber Secure IEC Controller [pdf] Owner's Manual PCD3.M6893, PCD3.M6893 Cyber Secure IEC Controller, Cyber Secure IEC Controller, Secure IEC Controller, IEC Controller

References

• User Manual