Installing Firmware Updates
Overview
An increasingly common cyber attack is the distribution of doctored or illegitimate software packages that may contain modified applications or additional applications. These applications can compromise the integrity of the original software and its intended use.
To help ensure the integrity and authenticity of components of the MasterPacT, ComPacT, and PowerPacT IMU, namely the MicroLogic X or MicroLogic Active control unit, IFE server, IFE, EIFE, or IFM interface, BSCM Modbus SL/ULP or IO module, and the FDM121 display, Schneider Electric original firmware is digitally signed.
Update firmware using EcoStruxure Power Commission software. You must have the latest version of EcoStruxure Power Commission software. Use EcoStruxure Power Commission software to update firmware through the firmware menu.
Cybersecurity Recommendations Concerning Firmware Updates
 WARNING |
|---|
|
RISK OF UNINTENDED OPERATION
Failure to follow these instructions can result in death, serious injury, or equipment
damage.
|
When installing firmware updates for components of the MasterPacT, ComPacT, and PowerPacT IMU, it is recommended to:
-
Only use the latest version of the EcoStruxure Power Commission software to download and install firmware updates.
-
Harden the PC that runs EcoStruxure Power Commission software by following the most recent vendor guidelines for the operating system.
-
Install updates following accepted operational technology (OT) practices such as testing on a non-production environment (if available) for validation before installing and deploying them in your production system.
Refer to the relevant firmware release note to check if the latest update provides cybersecurity improvements. If so, updating to this version is recommended.
Signed Firmware
Firmware designed for the MicroLogic X control unit, MicroLogic Active control unit, and the ULP modules is signed using the Schneider Electric public key infrastructure (PKI). The digital signatures are authenticated using the public certificate that is present in EcoStruxure Power Commission software.
When firmware is uploaded to a device through EcoStruxure Power Commission software, the digital signature of the update package is also automatically verified. This verification is done using the public certificate present in each device.
For security reasons, public certificates are subject to change. Therefore, you must check that the version of EcoStruxure Power Commission software that you use to download and install firmware updates is the latest version. Having the latest version of EcoStruxure Power Commission software means that the public certificates used to sign firmware are up to date.
Certificates that are no longer valid are published on a certificate revocation list (CRL), available on the Schneider Electric official website.
Benefits of Using EcoStruxure Power Commission Software for Firmware Updates
EcoStruxure Power Commission software plays an important part in helping ensure the integrity of your operational technology network during firmware updates. Use only the latest version of EcoStruxure Power Commission software to download and install firmware because it is the only software that can provide the following benefits:
-
When you download firmware packages to the MicroLogic X control unit or ULP module from the official Schneider Electric download center using EcoStruxure Power Commission software, the digital signature of the packages is automatically verified.
-
When you upload firmware to the MicroLogic X control unit or ULP module (using EcoStruxure Power Commission software over a USB connection or through an Ethernet connection), the digital signature of the update package is automatically verified.
The automatic verifications done by EcoStruxure Power Commission software rely entirely on the validity of the public certificate that it uses.
Refer to MicroLogic Trip Units and Control Units - Firmware History for detailed procedures explaining how to update the MicroLogic firmware.