Security recommendations
NOTICE
Information security
Connect to the device and change the standard password for the user set in the factory "admin"
and "" before you operate the device.
3.1
Security recommendations
To prevent unauthorized access to the device and/or network, note the following security
recommendations.
General
• Periodically audit the device to make sure it complies with these recommendations and/or
any internal security policies.
• Evaluate the security of your site and use a cell protection concept with suitable products.
For more information, visit Industrial Security Website
industrialsecurity).
• Review the user documentation for other Siemens products used along with the device for
further security recommendations.
• Use remote system logging to forward system logs to a central logging server. Make sure the
server is within the protected network and check the logs regularly to identify potential
security breaches/vulnerabilities.
For more information, refer to "Supplementary documentation (Page 8)".
Authentication
NOTICE
Accessibility hazard - risk of data loss
Do not misplace passwords for the device. Access to the device can only be restored by resetting
it to factory defaults, which will remove all configuration data.
• Replace the default passwords for all user accounts, access modes and applications (where
applicable) before the device is deployed.
• Use strong passwords. Avoid weak passwords (e.g. password1, 123456789, abcdefgh) or
repeated characters (e.g. abcabc).
This recommendation also applies to symmetric passwords/keys configured on the device.
• Make sure passwords are protected and not shared with unauthorized personnel.
• Do not re-use passwords across different user names and systems.
SCALANCE XCH-300/XCM-300
Equipment Manual, 10/2022, C79000-G8976-C585-02
(https://www.siemens.com/
3
15