EcoStruxure Power Commission Installation Guide


EcoStruxure Power Commission

Installation Guide
DOCA0134EN-17
09/2024

www.se.com
Legal Information
The information provided in this document contains general descriptions, technical
characteristics and/or recommendations related to products/solutions.
This document is not intended as a substitute for a detailed study or operational and
site-specific development or schematic plan. It is not to be used for determining
suitability or reliability of the products/solutions for specific user applications. It is the
duty of any such user to perform or have any professional expert of its choice
(integrator, specifier or the like) perform the appropriate and comprehensive risk
analysis, evaluation and testing of the products/solutions with respect to the relevant
specific application or use thereof.
The Schneider Electric brand and any trademarks of Schneider Electric SE and its
subsidiaries referred to in this document are the property of Schneider Electric SE or
its subsidiaries. All other brands may be trademarks of their respective owner.
This document and its content are protected under applicable copyright laws and
provided for informative use only. No part of this document may be reproduced or
transmitted in any form or by any means (electronic, mechanical, photocopying,
recording, or otherwise), for any purpose, without the prior written permission of
Schneider Electric.
Schneider Electric does not grant any right or license for commercial use of the
document or its content, except for a non-exclusive and personal license to consult it
on an "as is" basis.
Schneider Electric reserves the right to make changes or updates with respect to or in
the content of this document or the format thereof, at any time without notice.
To the extent permitted by applicable law, no responsibility or liability is
assumed by Schneider Electric and its subsidiaries for any errors or omissions
in the informational content of this document, as well as any non-intended use
or misuse of the content thereof.
Table of Contents
Safety Information
About the Book
Installation Requirements
  Prerequisites
Download and Installation
  Downloading the EcoStruxure Power Commission Software
  Installing the EcoStruxure Power Commission Software
  Software Registration
  EcoStruxure Power Commission Software Upgrade
Cybersecurity Best Practices
  Overview
  Product Defense in Depth
  Potential Risks and Compensating Controls
  Defense in Depth Measures Expected in User Environment
  Secure Deployment
  Secure Operation
  Secure Decommissioning
  Awareness and Education
Appendix
  Troubleshooting

Safety Information
Important Information
Read these instructions carefully, and look at the equipment to become familiar
with the device before trying to install, operate, service, or maintain it. The
following special messages may appear throughout this documentation or on the
equipment to warn of potential hazards or to call attention to information that
clarifies or simplifies a procedure.

The addition of this symbol to a “Danger” or “Warning” safety label indicates that an
electrical hazard exists which will result in personal injury if the instructions are not
followed.

This is the safety alert symbol. It is used to alert you to potential personal injury
hazards. Obey all safety messages that follow this symbol to avoid possible injury or
death.

! DANGER
DANGER indicates a hazardous situation which, if not avoided, will result in death or serious
injury.

! WARNING
WARNING indicates a hazardous situation which, if not avoided, could result in death or
serious injury.

! CAUTION
CAUTION indicates a hazardous situation which, if not avoided, could result in minor or
moderate injury.

NOTICE
NOTICE is used to address practices not related to physical injury.

Please Note
Electrical equipment should be installed, operated, serviced, and maintained only
by qualified personnel. No responsibility is assumed by Schneider Electric for any
consequences arising out of the use of this material.
A qualified person is one who has skills and knowledge related to the
construction and operation of electrical equipment and its installation, and has
received safety training to recognize and avoid the hazards involved.

About the Book


Document Scope
This document describes the installation of EcoStruxure Power Commission™
software.

Validity Note
This document is valid for EcoStruxure Power Commission™ software version 2.0
or later.

Installation Requirements
What’s in This Part
Prerequisites

Prerequisites
Hardware Requirements
Component | Minimum Requirements
Processor | Intel® Core™ 2 Duo CPU at 3.00 GHz
RAM | 4 GB
System type | 64 bit or 32 bit

Software Requirements
The software requirements for EcoStruxure Power Commission [EPC] software
are:
• Microsoft Windows® 10 and 11 operating system with .NET Framework 4.8
support
NOTE: Windows 10 and 11 versions 1507 and 1511 do not support .NET
Framework 4.8.
• Modbus driver (version 2.20 IE30 for 32-bit and version 3.20 IE30 for 64-bit)
• At least 2 GB of free space on the drive where EcoStruxure Power
Commission will be installed

NOTE: Make sure to follow the guidelines below before starting the
installation.
• The user should have access to run Node.exe
• The user should have full permission to:
◦ %UserProfile%\Documents\Schneider-Electric\Ecoreach
◦ %UserProfile%\AppData\Roaming\Schneider-Electric\Ecoreach
◦ %ProgramData%\Schneider-Electric\Ecoreach
• The following URLs are allowlisted in your IT infrastructure:

◦ External servers (cloud connection) URL – Rest of the World

Servers | URL
IDMS - Customer Identity and Access Management (cIAM) | https://secureidentity.schneider-electric.com/
Google Analytics | http://www.google-analytics.com
Cloud Commissioning (CC) | https://topology.api.cloud-commissioning.se.com/v1
Project Asset Sharing (PAS) | https://gw-api-emea.schneider-electric.com/ecoreachv2/v2
Schneider Project Information Management (SPIM) | https://gw-api-emea.schneider-electric.com/spim/3.1
Monetization Digital Supply Chain (DSC) | https://www.se.com/us/en/shop/software/product/84980/checkout/create-order
Monetization Flexnet Operations (FNO) | https://schneider-electric.flexnetoperations.com/flexnet/deviceservices
Monetization GoDigital | http://godigital.schneider-electric.com and https://digitalpackage.schneider-electric.com/dpb
SafeRepo | http://go2se.com/ref=
Asset Lifecycle Management (ALM) | https://alm.se.com/console/product
Bridge Front Office (BFO) | https://api.se.com

◦ External servers (cloud connection) URL – China

Servers | URL
IDMS - Customer Identity and Access Management (cIAM) | https://secureidentity.schneider-electric.cn/
Google Analytics | http://www.google-analytics.com
Project Asset Sharing (PAS) | https://gw-api-cn.schneider-electric.com/ecoreachv2/v2
Schneider Project Information Management (SPIM) | https://gw-api-cn.schneider-electric.com/spim/3.1
Monetization Digital Supply Chain (DSC) | https://exchange.se.com/shop/products-services/84980/checkout/create-order
Monetization Flexnet Operations (FNO) | https://schneider-electric.flexnetoperations.com/flexnet/deviceservices
Monetization GoDigital | https://godigital.schneider-electric.cn and https://digitalpackage.schneider-electric.com/dpb
SafeRepo | http://go2se.com/ref=
Asset Lifecycle Management (ALM) | https://alm.se.com/console/product
Bridge Front Office (BFO) | https://api.se.com

Port Number Requirements


The EcoStruxure Power Commission application uses the below default ports for
communication with its internal and external components. These ports are not
configurable in EcoStruxure Power Commission by the user.

Service | Protocol | Port | Configurable
User Identity Management Service (cIAM) | HTTPS | First choice of port: 8084. If not available, dynamically chosen from this list (61123, 62123, 65377, 65379, 65389, 65399) based on availability | No
Local Host Communication | - | First choice of port: 8085. If not available, dynamically chosen in the range of 62433 to 62899 | No
UI Service | HTTP | First choice of port: 8083. If not available, dynamically chosen in the range of 62433 to 62899 | No
SPIM Service | HTTP | First choice of port: 8089. If not available, dynamically chosen in the range of 62433 to 62899 | No

The EcoStruxure Power Commission application will not launch successfully if any
of the above mentioned ports are being used by other applications or services.
These ports must be freed up in the host machine to successfully launch the
application. In case of any launch issues due to above mentioned ports with
PORT_IN_USE error, please contact your IT administrator to free up the ports.
To determine which ports are already in use, open a command prompt window
and run the command netstat -a. This will list all the TCP port numbers currently
used in the system.
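
The same check can be scripted in PowerShell before the first launch. The following is an added example, not part of the Schneider Electric guide: it takes the first-choice and fallback ports from the table above and reports which process is listening on each first-choice port. The names Get-EpcPortStatus and $EpcServices are illustrative; Get-NetTCPConnection is the standard Windows cmdlet used here in place of netstat -a.

```powershell
# Added example (not vendor code). Port numbers come from the table above;
# Get-EpcPortStatus and $EpcServices are illustrative names.
$EpcServices = @(
    [pscustomobject]@{
        Service  = 'User Identity Management Service (cIAM)'
        First    = 8084
        Fallback = @(61123, 62123, 65377, 65379, 65389, 65399)
    }
    [pscustomobject]@{ Service = 'Local Host Communication'; First = 8085; Fallback = (62433..62899) }
    [pscustomobject]@{ Service = 'UI Service';               First = 8083; Fallback = (62433..62899) }
    [pscustomobject]@{ Service = 'SPIM Service';             First = 8089; Fallback = (62433..62899) }
)

function Get-EpcPortStatus {
    param([object[]]$Services = $EpcServices)

    # Index every listening TCP socket by local port. IPv4 and IPv6 listeners
    # on the same port collapse to one entry.
    $byPort = @{}
    foreach ($conn in @(Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue)) {
        $port = [int]$conn.LocalPort
        if (-not $byPort.ContainsKey($port)) { $byPort[$port] = $conn }
    }

    foreach ($svc in $Services) {
        # Resolve the process that holds the first-choice port, if any.
        $heldBy = $null
        if ($byPort.ContainsKey([int]$svc.First)) {
            $owningPid = $byPort[[int]$svc.First].OwningProcess
            $proc = Get-Process -Id $owningPid -ErrorAction SilentlyContinue
            if ($proc) {
                $heldBy = '{0} (PID {1})' -f $proc.ProcessName, $owningPid
            } else {
                $heldBy = 'PID {0}' -f $owningPid
            }
        }

        # Count how many of the documented fallback ports are still unused.
        $freeFallback = @($svc.Fallback | Where-Object { -not $byPort.ContainsKey([int]$_) })

        [pscustomobject]@{
            Service           = $svc.Service
            FirstChoicePort   = $svc.First
            FirstChoiceFree   = ($null -eq $heldBy)
            HeldBy            = $heldBy
            FallbackPortsFree = '{0} of {1}' -f $freeFallback.Count, @($svc.Fallback).Count
        }
    }
}

Get-EpcPortStatus | Format-Table -AutoSize
```

If EcoStruxure Power Commission is already running, its own processes appear in the HeldBy column; any other process name there is the one to raise with the IT administrator.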

Download and Installation
What’s in This Part
Downloading the EcoStruxure Power Commission Software
Installing the EcoStruxure Power Commission Software
Software Registration
EcoStruxure Power Commission Software Upgrade

Downloading the EcoStruxure Power Commission Software
Procedure

WARNING
POTENTIAL COMPROMISE OF SYSTEM AVAILABILITY, INTEGRITY, AND
CONFIDENTIALITY
Download EPC software from se.com. Use SESU for software updates and
upgrades. Do not use software downloaded from unknown or unauthorized
sources.
Verify the authenticity of the software while installing. Refer to Application
Signing, page 24 and Verifying file integrity and authenticity, page 32 for
verifying the integrity and authenticity of the software.
Failure to follow this instruction can result in death, serious injury,
equipment damage, or permanent loss of data.

NOTE: The user should have administrator privilege on the PC to install
EcoStruxure Power Commission™ software.

Step Action

1 Go to the Schneider Electric website: www.se.com or Schneider Electric country
website.

2 In the Search box, type EcoStruxure Power Commission.

3 Click Select location and select your geographical location.

4 Select Software from the search results.

Result: Displays a SUGGESTIONS list.

5 Select EcoStruxure Power Commission Installer from the SUGGESTIONS list.

6 Download the EcoStruxure Power Commission installer.

7 Install the EcoStruxure Power Commission software, page 13.

Installing the EcoStruxure Power Commission Software
Procedure
Step Action

1 Double-click the EcoStruxure Power Commission setup file.

Result: InstallShield Wizard is displayed.

2 Select the required language for the installation, and click OK.

Result: The Prerequisite requirement window is displayed.

3 Click Install.

Result: The installation starts, and the Welcome window is displayed.

4 Click Next in the Welcome window.

Result: The License Agreement window is displayed.

5 Read the license agreement and accept the terms of the agreement selecting the
appropriate option. Click Next.

Result: The Privacy Notice window is displayed.

6 Click Next in the Privacy Notice window.

Result: The following window is displayed.

7 If you are located in China Mainland, select China, otherwise select Rest of the world
and then click Next.

Result: The Destination Folder window is displayed.

8 Click Next in the Destination Folder window to save the installation file in the default
folder mentioned.
NOTE: If you want to change the default installation location, click Change....

Result: The Ready to Install the Program window is displayed.

9 Click Install in the Ready to Install the Program window.

Result:
• The Installing EcoStruxure Power Commission window is displayed with
installation in progress.
• After the installation is completed, the Installation Wizard Completed window is
displayed.

10 Click Finish to exit the installation.

Software Registration
Steps for Registration
NOTE: The PC should have Internet connection for the registration.
When you start the EcoStruxure Power Commission for the first time, follow these
steps:

Step Action

1 Double-click the EcoStruxure Power Commission icon on the desktop to start the software.

Or

Click Start > EcoStruxure Power Commission.

Result: The registration or login screen is displayed.

2 You can register and log in through your email ID.

NOTE: Only Schneider Electric employees can use icon to directly log into
EcoStruxure Power Commission.

3 For a new user, click Register here.

Result: The User Registration screen is displayed.

NOTE: You can select the location here.

4 Enter all the required details, and click Next.

5 Enter the company name and business type. Complete the validation step and click
Register.

Result: A validation email is sent to the registered email.

6 Open the registered email and check for the confirmation email sent from
[email protected].
NOTE: Sometimes Spam filters block automated emails. If you do not find the email in
your inbox, check your Spam or Junk folder.

7 Click the activation link attached in the email to verify and complete your registration.

Result: A verification code will be sent to ****@****.com.

NOTE: Check your spam folder if you do not receive an email within the next 5
minutes, and make sure that ‘@se.com’ is approved for future communications.

8 Enter the verification code and new password to complete your registration. Click Set
password & login.

9 Click Enable to enable two-factor authentication and follow instructions.

10 Go to EcoStruxure Power Commission application, and click Go Back to login.

Result: The login screen is displayed.

11 Enter the registered user name and password.

NOTE: It is not recommended to log in with the same User ID from two different PCs or
laptops.

EcoStruxure Power Commission Software Upgrade


Live Update Through Schneider Electric Software Update
The Schneider Electric Software Updates (SESU) utility detects any new update
for EcoStruxure Power Commission. Whenever there is an update available for
the EcoStruxure Power Commission software, the notification area at the far right
of the task bar displays the latest information to be updated.
The notification guides the user to download and install the updated EcoStruxure
Power Commission software version.
NOTE: Do not delete or uninstall the existing EcoStruxure Power Commission
installation software before checking for updates. SESU utility takes care of
updating your EcoStruxure Power Commission software seamlessly.
You can configure the notification frequency for EcoStruxure Power Commission
update in SESU. To configure it, click Start > All Programs > Schneider Electric
> Software Update > Settings.

Cybersecurity Best Practices
What’s in This Part
Overview
Product Defense in Depth
Potential Risks and Compensating Controls
Defense in Depth Measures Expected in User Environment
Secure Deployment
Secure Operation
Secure Decommissioning
Awareness and Education

Overview
Cybersecurity is intended to help protect your communication network and all
equipment connected to it from attacks that could disrupt operations (availability),
modify information (integrity), or give away confidential information
(confidentiality). The objective of cybersecurity is to provide increased levels of
protection for information and physical assets from theft, corruption, misuse, or
accidents while maintaining access for their intended users. There are many
aspects to cybersecurity including designing secure systems, restricting access
using physical and digital methods, identifying users, as well as implementing
security procedures and best practice policies.
This section provides information on how to help secure your system from a
malicious cyber attack.
Refer to Schneider Electric’s product security brochure for Recommended
Cybersecurity Best Practices.

Product Defense in Depth


This section describes the security capabilities of the application.

Secure Development Lifecycle


Schneider Electric uses a Secure Development Lifecycle (SDL) process, a key
product development-based framework that helps ensure products follow secure
design processes across all lifecycle stages. The Schneider Electric SDL process
complies with IEC 62443-4-1.
The SDL process includes the following:
• SDL practices applied to internal development actions, throughout the supply
chain.
• Final cybersecurity review required for the project release.
• Security training for personnel involved in the product development.

Application Security Capabilities


Secure Communication

This security capability helps protect the confidentiality of information through
secure protocols that employ cryptographic algorithms, key sizes, and
mechanisms used to help prevent unauthorized users from reading information in
transit, i.e. HTTPS, Secure Modbus.

Application Signing

The EcoStruxure Power Commission application is digitally signed by Schneider
Electric. Verify the file integrity and authenticity of installables, software updates,
and other components before installing them in the system. Do not install files for
which the integrity and authenticity cannot be confirmed. For details on how to
verify file integrity and authenticity, see Verifying file integrity and authenticity,
page 32.
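
One way to check the digital signature with built-in Windows cmdlets before running the installer, as an added example that is not part of the Schneider Electric guide and does not replace the procedure it refers to on page 32. The function name Test-EpcInstallerSignature, the installer file name and the expected signer string 'Schneider Electric' are assumptions for illustration.

```powershell
# Added example (not vendor code). Test-EpcInstallerSignature, the installer
# path and the expected signer string are assumptions for illustration.
function Test-EpcInstallerSignature {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumed substring of the signer certificate subject. A substring match is
        # a coarse check; once the exact subject or thumbprint of the vendor
        # certificate is known, compare against that instead.
        [string]$ExpectedSigner = 'Schneider Electric'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Windows validates the embedded Authenticode signature: the file hash must
    # match the signed hash and the certificate chain must be trusted.
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate

    $subject    = $null
    $thumbprint = $null
    if ($cert) {
        $subject    = $cert.Subject
        $thumbprint = $cert.Thumbprint
    }

    $signatureValid = ($sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid)
    $pattern        = '*' + [System.Management.Automation.WildcardPattern]::Escape($ExpectedSigner) + '*'
    $signerMatches  = ($null -ne $subject) -and ($subject -like $pattern)

    [pscustomobject]@{
        File          = (Resolve-Path -LiteralPath $Path).Path
        Status        = $sig.Status          # Valid, NotSigned, HashMismatch, NotTrusted, ...
        StatusMessage = $sig.StatusMessage
        Signer        = $subject
        Thumbprint    = $thumbprint
        Timestamped   = ($null -ne $sig.TimeStamperCertificate)
        # Recorded so the exact file that was checked can be identified later.
        Sha256        = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        OkToInstall   = ($signatureValid -and $signerMatches)
    }
}

# Hypothetical installer path; substitute the file downloaded from se.com.
$installer = Join-Path $env:USERPROFILE 'Downloads\EPC_Setup.exe'
if (Test-Path -LiteralPath $installer) {
    $result = Test-EpcInstallerSignature -Path $installer
    $result | Format-List
    if (-not $result.OkToInstall) {
        Write-Warning 'Signature check failed: do not install this file.'
    }
}
```

A Status of HashMismatch means the file was modified after signing, and NotSigned means there is no signature at all; in both cases the file falls under "integrity and authenticity cannot be confirmed" above.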

Component Integrity Check

When the EcoStruxure Power Commission application is started, it verifies the
integrity of each component (dynamic-link libraries, DLLs) before loading it into
memory. This security mechanism prevents the loading of malicious components
in the application.
If the integrity check fails for any component, the application stops the
application launch.

Event Logging

The application supports event logging capabilities and generates audit records for
access control, request errors, configuration changes, and user actions.

EcoStruxure Power Commission log files are stored in the user-specific app data
folder located in
%UserProfile%\AppData\Roaming\Schneider-Electric\Ecoreach\Logs.

Syslog Client

The EcoStruxure Power Commission application supports the syslog client feature
to send security event records to a syslog server to facilitate centralized log
analysis.

Data Privacy

The EcoStruxure Power Commission application is developed with data privacy by
design best practices. Personal data is collected and processed in an open and
transparent manner. Refer to Schneider Electric’s Schneider Data Privacy and
Cookie Policy for more details on how we process and protect your personal
information, including how you can use the rights granted to you by applicable
data protection law (such as the rights of access, rectification, and objection).

Cloud-based Software Cybersecurity Details

Cloud Commissioning is a cloud-based service that supports front-end
commissioning applications or clients like EcoStruxure Power Commission
Desktop and Mobile applications to interact with the cloud using microservices or
APIs and is hosted on the Microsoft Azure Cloud.

Secure Development Lifecycle

Schneider Electric is continuously monitoring the changing security landscape of
cryptography and cybersecurity to ensure that we offer the best available
protections to our customers and their sensitive data. Our development practices
follow a Secure Development Lifecycle, which ensures a high level of code quality
and usage of up-to-date libraries in order to ensure an optimal level of
cybersecurity. All Schneider Electric cloud systems are regularly audited by an
internal process that includes penetration tests.

Certified Data Centers

Our cloud services are physically deployed across multiple Microsoft Azure data
centres. Microsoft data centres are world-class facilities with more certifications
than any other cloud provider. The data centres used by EcoStruxure Cloud
Commissioning are located in multiple countries. Certifications and compliance
achievements include ISO or IEC 22301, 27017, 27018, and ISO or IEC 27001, in
addition to SOC 1, SOC 2, and SOC 3. To learn more about Microsoft Azure data
centres, visit: https://azure.microsoft.com/en-us/support/trust-center.

Data Security At Rest

Schneider Electric follows best practices to create a highly secure solution and
limit the risk of data being compromised in any meaningful manner while
protecting the privacy, control, and autonomy of each customer's data
independently from others.
Our solution includes:
• Asset Information
• Business Analytics data like asset identification, Schneider user information
(such as department, country, city, or plant name), and EPC failure events.

Data Security In Motion

Schneider Electric cloud-based applications implement best practices such as:
• All communications to and from EcoStruxure Cloud Commissioning with
internal Schneider Electric systems or external third-party systems are
encrypted using HTTPS (the minimum level required is TLS 1.2).
• The certificate involved in these encrypted sessions leverages the SHA-256
secure hash algorithm.
• Schneider Electric is continuously monitoring the changing security
landscape of cryptography and cybersecurity to ensure that we offer the best
available protections to our customers and their sensitive data.

Data Privacy

Schneider Electric focuses on securing data flows coming from connected
products and solutions (whether they connect to non-Schneider Electric hosts or
platforms managed by Schneider Electric) and aligning to the latest data integrity
and privacy regulatory requirements, such as the European General Data
Protection Regulation (GDPR).
• Data policy is compliant with local regulations.
• The Customer Data Use and Protection Policy is to be electronically signed
by the responsible party of the site (for example, the building owner or
tenant).
• No data will be exported without this agreement.
• Data remains under customer ownership.

Potential Risks and Compensating Controls


Area: Insecure protocols
Issue: Based on the capabilities supported by the product or device being
commissioned, EcoStruxure Power Commission application may need to use
communication protocols such as Modbus, DPWS or Telnet to communicate with
the device. These protocols are not inherently secure. Devices using these
protocols may not have the capability to transmit data securely.
Risk: If a malicious user gained access to your network, they could intercept
communication with the devices that don’t support secure communication
protocols.
Compensating Controls: If transmitting data over an internal network, physically
or logically segment the network. If transmitting data over an external network,
encrypt protocol transmissions over all external connections using a VPN or a
similar solution.

Area: QR code
Issue: Someone may tamper with the Schneider Electric QR code of the
switchboard.
Risk: If the QR code has been tampered with, it can redirect to a fake site and
the user credentials can be stolen.
Compensating Controls: Check that the QR code has not been tampered with (no
rips, tears, punctures, or scratches) and check that the URL redirects you to a
Schneider Electric web site (domain).

Area: Unauthorized Access to EcoStruxure Power Commission PC and user account
Issue: An unauthorized user may access user accounts in the PC or laptop where
EcoStruxure Power Commission software is installed.
Risk: If an unauthorized user gains access to the PC and Windows user account
where EcoStruxure Power Commission software is installed, then the unauthorized
user can view and modify project data and tamper with the application to run
malicious code.
Compensating Controls:
• Use physical security controls to help prevent unauthorized access to the PC or
laptop and devices.
• Use strong passwords to secure the user account.
• Do not use shared accounts.
• Do not share credentials with other users.
• Disable unused accounts.

Area: Access application server from Local Area Network
Issue: An unauthorized user may access the server running in the EcoStruxure
Power Commission PC or laptop from the Local Area Network.
Risk: If an unauthorized user gains access to the Local Area Network where the
EcoStruxure Power Commission PC or laptop is connected, then the attacker may
perform IP address spoofing to get access to the application server.
Compensating Controls:
• Limit access to the network where the EcoStruxure Power Commission system and
Schneider Electric devices are connected.
• Always place Schneider Electric systems and devices behind firewalls and other
security protection appliances that limit access to only authorized connections.
• Continually monitor for events that might indicate attempted unauthorized
access.

Defense in Depth Measures Expected in User Environment
Schneider Electric recommends a Defense-in-Depth approach to cyber security
for its customers. Defense-in-Depth is a hybrid, multi-layered security strategy that
provides holistic security throughout an industrial enterprise.

Cybersecurity Policy
Security plan, policies and procedures that cover risk assessment, risk mitigation
and methods to recover from disaster. Policy is available with up-to-date guidance
on governing the use of information and technology assets in your company.

Network Separation
Separating the industrial automation and control system from other networks by
creating Demilitarized Zones (DMZ) to protect the industrial system from
enterprise network requests and messages.

Perimeter Security
Firewalls, authentication, authorizations, VPN (IPsec) and antivirus software to
prevent unauthorized access. Installed devices, and devices that are not in
service, are in an access-controlled or monitored location.

Network Segmentation
Containment of a potential security breach to only the affected segment by using
switches and VLANs to divide the network into sub-networks and by restricting
traffic between segments. This helps contain malware impact to one network
segment, thus limiting damage to the entire network.

Device Hardening
Password management, user profile definition, and deactivation of unused
services to strengthen security on devices. Controls against malware - detection,
prevention, and recovery controls to help protect against malware are
implemented and combined with appropriate user awareness.

Monitoring and Update


Monitoring and Update provides:
• Surveillance of operator activity and network communications.
• Regular updates of software and firmware.
• Monitoring and restriction of the use of shared user accounts.

Secure Deployment
Securing Network

WARNING
POTENTIAL COMPROMISE OF SYSTEM AVAILABILITY, INTEGRITY, AND
CONFIDENTIALITY
Use cybersecurity best practices to help prevent unauthorized access to the
software.
Failure to follow this instruction can result in death, serious injury,
equipment damage, or permanent loss of data.

Improve security of networked devices by using multiple layers of cyber defense
(such as firewalls, network segmentation, and network intrusion detection and
protection). Disable unused ports or services and default accounts to help
minimize pathways for malicious attackers.
To reduce the security risks associated with networks, follow these guidelines:
• Use firewalls and other security devices or settings to limit access to the host
network, based on your security risk assessment.
• When using a firewall:
Restrict communication to the expected ports, as per your network
configuration. Only open those ports that are necessary for network
communication.
• When using network switches:
Close or disable unused network ports to prevent unauthorized connection of
network nodes or PLCs.

Securing PC or Laptops
Patching

WARNING
POTENTIAL COMPROMISE OF SYSTEM AVAILABILITY, INTEGRITY, AND
CONFIDENTIALITY
Apply the latest updates and hotfixes to your Operating System and software.
Failure to follow this instruction can result in death, serious injury,
equipment damage, or permanent loss of data.

Ensure all Windows updates and hotfixes, especially Windows security updates,
are regularly applied to machines running the EcoStruxure Power Commission
application.

Allowlisting

Zero-day cybersecurity attacks take place before a software vendor is aware of a
cybersecurity exploit. This means that neither software nor anti-virus programs
have been created or updated to protect against the zero-day threat or attack.
Application allowlisting is recommended to protect against zero-day attacks. This
specifies an index of approved software applications and processes (in our case,
EcoStruxure Power Commission application) that are permitted to be present and
active on the PC system.

Securing User Access

WARNING
POTENTIAL COMPROMISE OF SYSTEM AVAILABILITY, INTEGRITY, AND
CONFIDENTIALITY
Use cybersecurity best practices when configuring user access.
Failure to follow this instruction can result in death, serious injury,
equipment damage, or permanent loss of data.

Cybersecurity policies that govern user accounts and access, such as least
privilege and separation of duties, vary from site to site. Work with the facility IT
System Administrator to ensure that user access adheres to the site-specific
cybersecurity policies.
Make sure not to use a shared user account. Use a separate account for each
user.


Secure Operation

WARNING
POTENTIAL COMPROMISE OF SYSTEM AVAILABILITY, INTEGRITY, AND
CONFIDENTIALITY
Use cybersecurity best practices and follow recommended operation guidelines
while using the application.
Failure to follow this instruction can result in death, serious injury,
equipment damage, or permanent loss of data.

Recommended Operation Guidelines


Always use EcoStruxure Power Commission with a standard user account. Do not
launch EcoStruxure Power Commission as administrator.
It is recommended to close the EcoStruxure Power Commission application before
switching the user account or logging out of the user account.
Do not install untrusted extensions in the web browser. Follow your organization's
IT policy for the safe use of web browsers.
Periodically review application event logs.
Disable unused Universal Serial Bus (USB) ports.
EcoStruxure Power Commission project files are stored in a user-specific
documents directory located in %userprofile%\documents. These project files are
visible to anyone who is using the same Windows user account for panel
commissioning with the EcoStruxure Power Commission application. This is true
even if multiple Schneider Electric user accounts are used on the same Windows
user account.
Do not share the Windows user account in which EcoStruxure Power Commission
was installed with other users, if you do not intend to share these project files with
another user. Use a dedicated Windows user account for each Schneider Electric
user account.

Software Update

Maintain an up-to-date version of the application software. See section
EcoStruxure Power Commission Software Upgrade, page 21 for the details.

Network Monitoring

When using a firewall:
• Periodically monitor the firewall to ensure the configuration has not been
changed, and that the firewall status does not indicate communication has
occurred on unexpected ports.
• Only open those ports that are necessary for network communication.
When using network switches:
• Periodically monitor the switch to ensure the configuration has not been
changed, and that the switch status does not indicate communication has
occurred on unexpected ports.


Monitoring PC

Back up the project file regularly and store it in a secure, separate, non-shared
location.
Install operating system patches and anti-virus software updates on the PC, as
they are released.
Periodically monitor the Windows accounts available on the PC to ensure that only
the necessary personnel can log on to the PC, with the appropriate level of
access. Remove inactive or unnecessary user accounts.
Review the Windows System Events Log to monitor logon and logoff activity on all
the PCs, and to detect attempted unauthorized activity.
Periodically review user accounts and their roles and privileges to ensure
compliance with your organization’s policy.

QR Code Best Practices

QR codes may be tampered with to carry untrusted content, resulting in
redirection to malicious sites and the theft of user credentials.
Users should ensure that the QR code has not been tampered with (has no rips,
tears, punctures, or scratches) and that the URL redirects to a Schneider
Electric website (domain).

Security Functionality Verification


Verifying File Integrity and Authenticity

Periodically verify the digital signatures of application executable files as
shown below.
To verify the file integrity and authenticity:
1. Right-click the EcoStruxure Power Commission setup file and select Properties.
This opens the Properties window.
2. In the Properties window, select the Digital Signatures tab.
3. In the Signature list, select the name of the signer. Click Details.
NOTE: Only Schneider Electric should be shown in the Signature list.
4. In the Digital Signature Details window, verify that the digital signature is ok
and that the signer name shows Schneider Electric.
5. Click the View Certificate option to view certificate details.
6. Verify that the certificate is issued by a trusted Certification Authority (CA).
7. Select the Certification Path tab to view the certificate chain of trust and
certificate status, and click OK.
8. Close the Properties window.
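
The same checks can be scripted for periodic verification. The following PowerShell function is an added example, not part of this guide or of Schneider Electric software; the function name Test-InstallerSignature, the -Offline switch and the file path in the usage comment are assumptions, and the expected signer string is the name given in step 4.

```powershell
# Added example, not Schneider Electric code. -Path is supplied by the
# operator; the default signer string is the name shown in step 4.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ExpectedSigner = 'Schneider Electric',
        [switch]$Offline   # skip online revocation checks on isolated PCs
    )
    $findings = [System.Collections.Generic.List[string]]::new()
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate

    # Steps 3-4: the signature must validate and name the expected signer.
    if ($sig.Status -ne 'Valid') {
        $findings.Add("Signature status '$($sig.Status)': $($sig.StatusMessage)")
    }
    if (-not $cert) {
        return [pscustomobject]@{ Path = $Path; Trusted = $false; Findings = $findings }
    }
    $signer = $cert.GetNameInfo('SimpleName', $false)
    if ($signer -notlike "*$ExpectedSigner*") {
        $findings.Add("Unexpected signer '$signer'")
    }

    # Steps 6-7: build the chain of trust and collect any chain status flags.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = if ($Offline) { 'NoCheck' } else { 'Online' }
    [void]$chain.Build($cert)
    foreach ($s in $chain.ChainStatus) {
        # An expired signing certificate is acceptable when the file was
        # timestamped while the certificate was still valid.
        if ($s.Status -eq 'NotTimeValid' -and $sig.TimeStamperCertificate) { continue }
        $findings.Add("Chain: $($s.Status) $($s.StatusInformation.Trim())")
    }

    [pscustomobject]@{
        Path       = $Path
        Signer     = $signer
        Issuer     = $cert.GetNameInfo('SimpleName', $true)
        Thumbprint = $cert.Thumbprint
        ChainPath  = ($chain.ChainElements | ForEach-Object { $_.Certificate.Subject }) -join ' <- '
        Trusted    = ($findings.Count -eq 0)
        Findings   = $findings
    }
}

# Usage (the path is a placeholder):
# Test-InstallerSignature -Path 'C:\Downloads\<setup-file>.exe' | Format-List
```

Get-AuthenticodeSignature reports only the primary signature, so the NOTE under step 3 (a single entry in the Signature list) still has to be confirmed in the Properties window.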


Secure Decommissioning
Decommissioning removes EcoStruxure Power Commission files to prevent
potential disclosure of sensitive, confidential, and proprietary data and software
from your system. You risk disclosing your project data, system configuration, user
information, and other sensitive information if you do not decommission. It is
strongly recommended that you decommission your system at the end of its life.

WARNING
UNINTENDED DATA LOSS OR LOSS OF SOFTWARE FUNCTION
• Decommission EcoStruxure Power Commission if it is no longer needed.
• Back up project data and log files before decommissioning.
• Refer to section EcoStruxure Power Commission Software Upgrade for
updating the software.
Failure to follow these instructions can result in unintended data loss or
loss of software function.

Uninstall the EcoStruxure Power Commission Software

Procedure
Steps to uninstall EcoStruxure Power Commission:
1. Go to Programs and Features under Control Panel. Select EcoStruxure Power
Commission and click Uninstall.
2. Click Yes to confirm to uninstall EcoStruxure Power Commission and continue.
3. Once you click Yes, Windows will start the uninstallation process.
NOTE: If you get an error while uninstalling, contact Schneider Electric customer
care center.

EcoStruxure Power Commission log files are not removed after uninstallation of
the application. Take a backup of the log files and store it in a secure place.
After uninstalling the application, manually delete the log files from the logs
folder located in %UserProfile%\AppData\Roaming\Schneider-Electric\Ecoreach\Logs.
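
The backup-then-delete sequence described above can be scripted so that nothing is deleted unless the backup is complete. This PowerShell function is an added example, not part of this guide or of Schneider Electric software; the function name Remove-EpcLogs, the -BackupDir and -DeleteAfterBackup parameters and the archive file name are assumptions, and the log folder is the one named in this section.

```powershell
# Added example, not Schneider Electric code. The log folder is the one named
# in this guide; -BackupDir is an operator-chosen secure location (assumption).
function Remove-EpcLogs {
    param(
        [Parameter(Mandatory)][string]$BackupDir,
        [string]$LogDir = (Join-Path $env:USERPROFILE 'AppData\Roaming\Schneider-Electric\Ecoreach\Logs'),
        [switch]$DeleteAfterBackup   # without this switch the logs are only backed up
    )
    if (-not (Test-Path -LiteralPath $LogDir -PathType Container)) {
        Write-Warning "No log folder at $LogDir"; return
    }
    $files = @(Get-ChildItem -LiteralPath $LogDir -Recurse -File)
    if ($files.Count -eq 0) { Write-Warning 'Log folder is empty'; return }

    # 1. Back up: archive the folder, then record a SHA-256 of the archive.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
    $archive = Join-Path $BackupDir "EPC-logs-${env:COMPUTERNAME}-${stamp}.zip"
    Compress-Archive -Path (Join-Path $LogDir '*') -DestinationPath $archive -ErrorAction Stop
    $hash = (Get-FileHash -LiteralPath $archive -Algorithm SHA256).Hash

    # 2. Verify the archive holds every file before anything is deleted.
    Add-Type -AssemblyName System.IO.Compression.FileSystem
    $zip = [System.IO.Compression.ZipFile]::OpenRead($archive)
    try     { $archived = @($zip.Entries | Where-Object { $_.Name }).Count }
    finally { $zip.Dispose() }
    if ($archived -ne $files.Count) {
        throw "Archive has $archived files, expected $($files.Count); nothing deleted."
    }

    # 3. Delete the logs only when explicitly requested.
    if ($DeleteAfterBackup) {
        Remove-Item -LiteralPath $LogDir -Recurse -Force
    }
    [pscustomobject]@{
        Archive = $archive
        SHA256  = $hash
        Files   = $files.Count
        Deleted = [bool]$DeleteAfterBackup
    }
}
```

Run it once without -DeleteAfterBackup, move the archive to its secure location, and keep the reported SHA256 so the backup can be checked later.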


Awareness and Education


Knowledge is the first step to prevent cyber intrusions. Review the following
resource to increase your cybersecurity awareness.
The Schneider Electric Cybersecurity Portal contains cybersecurity news, security
notifications, and additional resources.

Schneider Electric Cybersecurity Support Overview


The Schneider Electric cybersecurity support portal outlines the Schneider Electric
vulnerability management policy. The aim of the Schneider Electric vulnerability
management policy is to address vulnerabilities in cybersecurity affecting
Schneider Electric products and systems to protect installed solutions, customers,
and the environment.
Schneider Electric works collaboratively with researchers, Cyber Emergency
Response Teams (CERTs), and asset owners to ensure that accurate information
is provided in a timely fashion to protect their installations.
Schneider Electric's Corporate Product CERT (CPCERT) is responsible for
managing and issuing alerts on vulnerabilities and mitigations affecting products
and solutions.
The CPCERT coordinates communications between relevant CERTs, independent
researchers, product managers, and all affected customers.

Schneider Electric Cybersecurity Support Portal


The support portal provides the following information:
• Cybersecurity vulnerabilities of products.
• Cybersecurity incidents.
• An interface that enables users to declare cybersecurity incidents or
vulnerabilities.

Security Notification
Posted product security notifications can be viewed on the Schneider Electric website:
https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp

Vulnerability Reporting and Management


Cybersecurity incidents and potential vulnerabilities can be reported via the
Schneider Electric website: Report a Vulnerability.
For more information on cybersecurity for EcoStruxure, visit the website:
https://www.se.com/ww/en/work/solutions/cybersecurity/

Appendix
What’s in This Part
Troubleshooting

Troubleshooting
Error Code: MODBUSDRIVER_NOT_RUNNING
Error Description: Unsuccessful installation
Steps to be Followed: Download and install the Modbus driver from the link below:
https://www.se.com/ww/en/download/document/SEModbusDriverSuite/

Error Code: PORT_IN_USE
Error Description: Ports needed for the launch of EcoStruxure Power Commission
are used by other applications or services
Steps to be Followed:
1. Identify the ports already in use by opening a command prompt window and
running the command netstat -a
2. Ensure that the ports needed for the communication with internal and external
components are free. Refer to Port Number Requirements, page 10 in this
document for the information about the ports needed.
3. Contact your IT admin for any support to free up ports.
4. If the issue persists, contact Schneider Electric Customer Support.

Error Code: APP_ERROR_MSG_HEADER
Error Description: Application failed to launch
Steps to be Followed: Contact Schneider Electric customer support.
NOTE: Make sure that the prerequisites are met with the help of the local IT
administrator. Refer to Prerequisites, page 8.

Error Code: DUPLICATE_INSTANCE_RUNNING
Error Description: Duplicate instance of the EcoStruxure Power Commission
application is running
Steps to be Followed:
1. Open Task bar
2. Select EcoStruxure Power Commission application
3. Click End task
4. Re-launch EcoStruxure Power Commission application

Error Code: _ERR_CERT_VALID_
Error Description: Unable to authenticate the cloud services.
NOTE: If HTTPS or TLS Inspection is performed in the proxy server or firewall,
then this could break the certificate check during cloud service authentication.
Steps to be Followed: Allowlist the Schneider Electric URLs used for communicating
with the cloud services in the proxy server or firewall. (Refer to the
Prerequisites, page 8 section for the list of URLs to be allowlisted.) Also make
sure to follow the installation guide prerequisites.
Please follow your organization's IT policy for allowlisting the URLs.
Contact Schneider Electric CCC if the issue persists.

Error Code: SQLCE_NOT_PRESENT_
Error Description: Unsuccessful Installation
Steps to be Followed: Uninstall and install the EPC software.
NOTE: Prerequisite: Microsoft SQL Server Compact is installed.
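
For the PORT_IN_USE case, netstat -a lists the ports in use but not which program holds them. The following PowerShell function is an added example, not part of this guide or of Schneider Electric software; the function name Get-PortConflict is an assumption, and no port numbers are assumed: -RequiredPorts must be filled in from the Port Number Requirements section.

```powershell
# Added example, not Schneider Electric code. Pass the ports listed under
# Port Number Requirements in this guide; none are hard-coded here.
function Get-PortConflict {
    param([Parameter(Mandatory)][int[]]$RequiredPorts)

    # Listening TCP sockets and bound UDP endpoints on the required ports.
    $tcp = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in $RequiredPorts } |
        Select-Object @{n='Proto';e={'TCP'}}, LocalAddress, LocalPort, OwningProcess
    $udp = Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in $RequiredPorts } |
        Select-Object @{n='Proto';e={'UDP'}}, LocalAddress, LocalPort, OwningProcess

    foreach ($hit in @($tcp) + @($udp)) {
        if (-not $hit) { continue }
        # Resolve the owning process so the IT admin knows what to stop or move.
        $proc = Get-Process -Id $hit.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Proto     = $hit.Proto
            Address   = $hit.LocalAddress
            Port      = $hit.LocalPort
            ProcessId = $hit.OwningProcess
            Process   = if ($proc) { $proc.ProcessName } else { '<exited or protected>' }
            Path      = if ($proc) { $proc.Path } else { $null }
        }
    }
}

# Usage (replace the placeholders with the ports from this guide):
# Get-PortConflict -RequiredPorts <port1>, <port2> | Format-Table -AutoSize
```

An empty result means none of the listed ports is currently bound; run it from an elevated prompt if Path is blank for system services.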


Automatic Log Sharing


EcoStruxure Power Commission will share the error logs with customer support
with a reference number. It is recommended to note down the reference number
and provide it to Schneider Electric’s customer support personnel to resolve the
error.
NOTE: Customer-specific information will not be shared through log sharing.
Please see the Schneider Electric privacy policy for more details.

Schneider Electric
35 rue Joseph Monier
92500 Rueil Malmaison
France
+ 33 (0) 1 41 29 70 00
www.se.com

As standards, specifications, and design change from time to time,
please ask for confirmation of the information given in this publication.

© 2024 Schneider Electric. All rights reserved.

