The CitectSCADA v7.20 release includes changes that are designed to reduce the security exposure of the product from external threats via the network. The product features that have been affected are detailed below. Please review the list to understand what effect they may have on your system with regard to the upgrade and design process.
Managing surface area
A set of new configuration parameters has been added to provide control over the CitectSCADA network interfaces. These parameters help you protect your system by allowing control over unused features of the product. The following services can be enabled or disabled: DDE, Remote CTAPI, ODBC, OLEDB and FTP. These services are disabled by default.
User login necessary for control actions
A user must now be configured and logged in to CitectSCADA before the display process can perform a tag write (control) action. Design CitectSCADA projects to avoid Cicode tasks that perform tag writes that are not issued by a user.
We advise that projects be configured to take advantage of the change to provide increased system security protection. If your system has existing network security protection in place and does not require the additional security protection, it can be turned off using the following parameters to avoid the impact of the changes:
Parameter for the client/display node: [LAN] SecureLogin
Parameter for the server node: [LAN] AllowLegacyConnections (As part of CitectSCADA 7.20 this parameter was made obsolete)
These parameters may be necessary during an upgrade process when there is a mix of old and new version CitectSCADA nodes in a running system.
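After a mixed-version upgrade window closes, it is worth confirming that neither parameter has been left in a node's citect.ini. The following audit sketch is an added example, not part of the original release notes or the product. It assumes both parameters take 0/1 values (SecureLogin=0 turns the protection off, AllowLegacyConnections=1 accepts older nodes), and the node names and file contents are constructed samples.

```python
# Added example: audit citect.ini text for the two [LAN] parameters named above.
# Assumption (not stated on the page): SecureLogin=0 turns the login protection
# off and AllowLegacyConnections=1 lets older-version nodes connect.

def lan_settings(ini_text):
    """Return {lowercased key: value} for the [LAN] section of citect.ini text."""
    section, found = None, {}
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";!#":          # blank line or common INI comment
            continue
        if line.startswith("[") and "]" in line:  # section header, case-insensitive
            section = line[1:line.index("]")].strip().lower()
        elif section == "lan" and "=" in line:
            key, _, value = line.partition("=")
            found[key.strip().lower()] = value.strip()  # last occurrence wins
    return found


def audit_node(name, ini_text):
    """Return a list of findings for one node's citect.ini contents."""
    lan = lan_settings(ini_text)
    findings = []
    if lan.get("securelogin") == "0":
        findings.append(f"{name}: [LAN] SecureLogin=0 (client login protection off)")
    if lan.get("allowlegacyconnections") == "1":
        findings.append(f"{name}: [LAN] AllowLegacyConnections=1 (legacy nodes accepted)")
    return findings


def audit_all(samples):
    """Audit every node in {name: ini_text} and return all findings, sorted by node."""
    findings = []
    for name in sorted(samples):
        findings.extend(audit_node(name, samples[name]))
    return findings


# Constructed sample files: hypothetical node names and contents.
SAMPLES = {
    "hmi-01": "[LAN]\nSecureLogin=0\n",
    "hmi-02": "[LAN]\nSecureLogin=1\n\n[Example]\nSecureLogin=0\n",  # other section ignored
    "io-srv-01": "[lan]\n; left from the upgrade window\nAllowLegacyConnections = 1\n",
}

if __name__ == "__main__":
    for finding in audit_all(SAMPLES):
        print(finding)
```

Running it over the citect.ini of every client and server node after the last old-version node is retired shows where the reduced-protection settings are still in effect.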