Security Guideline Electric Drive and Controls: Project Planning Manual R911342562

Security Guideline
Electric Drive
and Controls
Project Planning Manual Edition 11

R911342562
Security Guideline Electric Drive and Controls
Title Security Guideline

Electric Drive
and Controls
Type of Documentation Project Planning Manual
Document Typecode DOK-IWORKS-SECURITY***-PR11-EN-P
Internal File Reference RS-b5f38972e046f0990a6846a5005c4277-11-en-US-3
Revision history Edition 11, 2023-02

Refer to tab. 1-1 "Revision history" on page 1
Copyright © Bosch Rexroth AG 2023
All rights reserved, also regarding any disposal, exploitation, reproduction,
editing, distribution, as well as in the event of applications for industrial prop‐
erty rights.
Liability The specified data is intended for product description purposes only and shall
not be deemed to be a guaranteed characteristic unless expressly stipulated
in the contract. All rights are reserved with respect to the content of this docu‐
mentation and the availability of the product.
Editorial Department Development Automation System Control Hardware ThSc (MiNi/PiaSt)
Security Guideline Electric Drive and Controls I
Table of Contents
Table of Contents
Page
1 About this documentation.............................................................................................. 1
2 Glossary......................................................................................................................... 3
3 Introduction.................................................................................................................... 5
3.1 Purpose of this guideline........................................................................................................................ 5
3.1.1 Customer feedback............................................................................................................................. 5
3.2 Guideline structure.................................................................................................................................. 5
3.2.1 Differentiating between "IT security" and "Safety"............................................................................... 6
3.3 IT basic protection.................................................................................................................................. 6
3.4 Known vulnerabilities.............................................................................................................................. 6
4 Security-relevant product description............................................................................. 7

4.1 Overview security support...................................................................................................................... 7
4.2 Systems MTX, XLC and MLC................................................................................................................. 8
4.3 Device properties – controls with operating system VxWorks 6.3.......................................................... 8
4.4 Device properties – Controls with operating systems from VxWorks 6.9 .............................................. 9
4.5 System drive (IndraDrive with and without MLD).................................................................................. 10
4.5.1 Device properties IndraDrive............................................................................................................. 10
4.6 System drive (ctrlX DRIVE).................................................................................................................. 11
4.6.1 ctrlX DRIVE device properties........................................................................................................... 11
4.7 SafeLogic compact (SLc)...................................................................................................................... 12
4.7.1 Device properties SLc Ethernet gateways......................................................................................... 12
4.8 Device properties Sercans.................................................................................................................... 12
4.9 Device properties frequency converter EFC......................................................................................... 12
4.10 Device properties PSI 6000 / PST 6000............................................................................................... 13
4.11 Device properties PRC 7000................................................................................................................ 13
4.12 Device properties ctrlX CORE.............................................................................................................. 14
4.13 Port lists................................................................................................................................................ 15
4.13.1 Port list CML10, CML20, CML40, CMP40, CML65 (with MLC04VRS), CMP60, CMP70................. 15
4.13.2 Port list CML25, CML45, CML65, HCQ micro (MTX)........................................................................ 17
4.13.3 Port list CML75, CML85, XM2*, VPx*................................................................................................ 19
4.13.4 Port list CML75, CML85, XM2*, XM4*, VPx*..................................................................................... 21
4.13.5 Port list ctrlX CORE........................................................................................................................... 23
4.13.6 Port list of the IndraDrive devices...................................................................................................... 24
4.13.7 Port list ctrlX DRIVE.......................................................................................................................... 25
4.13.8 Port list Sercos.................................................................................................................................. 26
4.13.9 PROFINET Gateway port list............................................................................................................. 26
4.13.10 Port list Sercans................................................................................................................................ 27
4.13.11 Port list frequency converter.............................................................................................................. 27
4.13.12 Port list PSI / PST 6000..................................................................................................................... 28
4.13.13 Port list PRC 7000............................................................................................................................. 29
4.14 Devices IndraControl VP*, VE*, VEP*, VCH*, VR* .............................................................................. 30
R911342562_Edition 11 Bosch Rexroth AG

II/49 Security Guideline Electric Drive and Controls
Table of Contents
Page
4.14.1 Devices (IndraControl VP*) with Windows XP, Windows 7, Windows 10......................................... 30
4.14.2 Default Windows ports....................................................................................................................... 31
4.14.3 Devices (IndraControl VE*) with Windows 7 Embedded Standard 32 and 64 bit.............................. 32
4.14.4 Devices (IndraControl VP*) with Windows 7 Embedded Ultimate 32 and 64 bit............................... 32
4.14.5 Devices (IndraControl VP*) with Windows 10 IoT Enterprise LTSB 64 bit........................................ 32
4.14.6 Devices (IndraControl VP*) with Windows 7 Embedded Standard 32 and 64 bit.............................. 32
4.14.7 Devices (IndraControl VP*) with Windows XP 32 bit......................................................................... 33
4.14.8 Devices (IndraControl VR21*) with Windows Embedded compact 7................................................ 33
4.14.9 Devices PR3x / PR4 (IndraControl VR3x / VR4) with Windows 10 IoT Enterprise LTSB 64 bit........ 33
4.14.10 Device (IndraControl VH21) with Windows Embedded compact 7................................................... 34
4.14.11 Devices (IndraControl VE*) with Windows XP embedded 32 bit....................................................... 34
4.14.12 Devices (IndraControl VE*) with Windows Embedded compact 7.................................................... 35
4.14.13 Devices (IndraControl VE*) with Windows CE ................................................................................. 35
4.14.14 Devices (IndraControl VCP*.2) wtih Windows CE 5.0....................................................................... 35
4.14.15 Devices (IndraControl VCH 08.1) with Windows CE 5.0................................................................... 35
4.14.16 Devices (IndraControl VCH 05.1) with Windows CE 6.0................................................................... 36
4.15 Devices PR21 with Linux Ubuntu core 16............................................................................................ 36
4.16 Software................................................................................................................................................ 36
4.16.1 WebConnector, WebComposer......................................................................................................... 36
4.16.2 WinStudio.......................................................................................................................................... 37
4.17 ctrlX CORE apps.................................................................................................................................. 38
4.17.1 Modbus TCP...................................................................................................................................... 38
4.17.2 PROFINET device............................................................................................................................. 38
5 Possible measures....................................................................................................... 39
5.1 Concept of separation........................................................................................................................... 39
5.2 Service measures by third parties........................................................................................................ 39
5.3 Using firewalls....................................................................................................................................... 39
5.4 Using ACLs........................................................................................................................................... 39
5.5 Using ctrlX CORE as VPN client and firewall....................................................................................... 40
6 Final remark................................................................................................................. 41
6.1 Recommendations................................................................................................................................ 41
7 Sources........................................................................................................................ 43
7.1 References........................................................................................................................................... 43
7.2 Further links.......................................................................................................................................... 43
Index............................................................................................................................ 45
Bosch Rexroth AG R911342562_Edition 11

Security Guideline Electric Drive and Controls 1/49
About this documentation
1 About this documentation

Editions of this documentation
Edition Release date Note

Edition 01 2013-11 First edition
Edition 02 2015-01 Additions
Edition 03 2017-04 Introduction chapter revised and references to external information sources added.
New devices added.
Edition 04 2017-05 Notes on krypto trojans and ransom ware added.
Edition 05 2018-07 Devices (IndraControl VE*) added with Windows embedded compact 7
Notes on WebConnector supplemented by reference to WebComposer
Notes on trojans and ransom ware revised
Reference to BSI-IT basic protection modules
System Drive (MLD) added
Edition 06 2019-02 Additions:
● SafeLogic compact
● Software WinStudio
● Frequency converter EFC
Edition 07 2019-07 Additions:
● "General information" on page 7
● chapter 4.1 "Overview security support" on page 7
● chapter 4.13.1 "Port list CML10, CML20, CML40, CMP40, CML65 (with
MLC04VRS), CMP60, CMP70" on page 15
● chapter 4.13.2 "Port list CML25, CML45, CML65, HCQ micro (MTX)" on page
17
● chapter 4.14.9 "Devices PR3x / PR4 (IndraControl VR3x / VR4) with Windows
10 IoT Enterprise LTSB 64 bit" on page 33
● chapter 4.15 "Devices PR21 with Linux Ubuntu core 16" on page 36
● "Physical measures" on page 39
Edition 08 2020-04 New:
● chapter 4.11 " Device properties PRC 7000" on page 13
● chapter 4.13.13 "Port list PRC 7000" on page 29
● chapter 4.10 "Device properties PSI 6000 / PST 6000" on page 13
● chapter 4.13.12 "Port list PSI / PST 6000" on page 28
● chapter 4.12 "Device properties ctrlX CORE" on page 14
● chapter 4.13.5 "Port list ctrlX CORE" on page 23
● chapter 4.6 "System drive (ctrlX DRIVE)" on page 11
● chapter 4.13.7 "Port list ctrlX DRIVE" on page 25
Additions:
● WinStudio, information on OPC/SCP communication, see chapter 4.16.2
"WinStudio" on page 37

2/49 Security Guideline Electric Drive and Controls
About this documentation
Edition Release date Note

09 2021-09 Revision:
● chapter 4 "Security-relevant product description" on page 7
General information "Operating Bosch Rexroth products in networks"
● chapter 4.12 "Device properties ctrlX CORE" on page 14"Operating system"
● chapter 5.5 "Using ctrlX CORE as VPN client and firewall" on page 40
● chapter 7.2 "Further links" on page 43
● chapter 4.6.1 "ctrlX DRIVE device properties" on page 11
● chapter 4.10 "Device properties PSI 6000 / PST 6000" on page 13
● chapter 4.11 " Device properties PRC 7000" on page 13
● chapter 4.13.12 "Port list PSI / PST 6000" on page 28
● chapter 4.13 "Port lists" on page 15
● chapter 4.4 "Device properties – Controls with operating systems from
VxWorks 6.9 " on page 9
chapter 4.13.4 "Port list CML75, CML85, XM2*, XM4*, VPx*" on page 21
● chapter 4.13.5 "Port list ctrlX CORE" on page 23
● chapter 4.17.1 "Modbus TCP" on page 38
● chapter 4.17.2 "PROFINET device" on page 38
Tab. 1-1: Revision history

Glossary
2 Glossary
ACL Access Control List
Access authorizations to computer resources (files and programs) are managed us‐
ing the ACL.
BSI Federal Office for Information Security
"BSI" is part of the division of the German Federal Ministry of the Interior.
DHCP "Dynamic Host Configuration Protocol"
The DHCP service allows the assignment of the network configuration to clients by a
server.
EIS, EIS-WS Embedded Information Service, EIS web server for communication with operating de‐
vices
Firewall A "firewall" is a network safety system in hardware and software to protect against
unauthorized access.
(T)FTP (Trivial) File Transfer Protocol
(T)FTP is a file-oriented Client-Server protocol via a TCP connection. "Trivial" means
that there is no function for rights assignment and user authentication.
ICMP Internet Control Message Protocol
ICMP is used to exchange information and error messages via the internet protocol
(e.g. ping).
ICS Industrial Control System
ICS is a superordinate term describing the different types and forms of control sys‐
tems in industrial systems.
IP Internet protocol
"IP" is a network protocol on the level of the switching layer of the OSI model.
IT security "IT security" is VDI/VDE 2182 the information security in the industrial automation.
MEP Multi Ethernet Platform
OCI Open Core Interface
OSI model Open Systems Interconnection Model
OSI model is a reference model for network protocols.
Ping "Ping" is a diagnostic tool used to diagnose the accessibility of a device using an IP
address or the network name.
Port The port is part of a network address used to assign TCP and UDP connections be‐
tween client and server.
RADIUS Remote authentication dial-in user service
Client-server protocol used to authenticate, authorize and account users during dial-
in connections to a computer network.
Router A "router" is a network device to couple computer networks.
Switch A "switch" is a coupling element to connect network segments.
telnet "Telnet" is a character-oriented client-server protocol via a TCP connection.
TCP Transmission Control Protocol
"TCP" is a connection-oriented network protocol on the transport layer of an OSI
model.

Glossary
UDP User datagram protocol

"UDP" is a minimum connection-less network protocol of the transport layer of an OSI
model.
Encryption "Encryption" describes the conversion of clear text to encrypted text by using a secret
key.
VPN Virtual Private Network
"VPN" is self-contained network using another network infrastructure.
Viruses "Viruses" are malware that impair functions or intercept data on a computer.
WLAN Wireless Local Area Network
"WLAN" is a wireless local network.
(Digital) certificate A digital certificate confirms properties of persons or objects and their authenticity
and integrity using cryptographic methods.

Introduction
3 Introduction
The topic "IT security" has not been a priority in manufacturing plants. Con‐
trols and systems have been developed and operated under functional as‐
pects.
Due to the increased use of network components, their specific properties
and requirements as well as the discrepancy to existing network structures
and requirements in the office environment, the "IT security" topic becomes
more important.
The requirements of "Industry 4.0" and "Internet of things", assuming a com‐
plete networking of all objects, IT security is a requirement for safe and trou‐
ble-free operation.
The requirements regarding IT security are divided into organizational and
technical aspects.
In order to set up and operate a secure IT system, the network properties of
the components used have to be known. Providing and exchanging informa‐
tion and documentations is necessary to facilitate the implementation of IT
security concepts and solutions for all parties involved (manufacturer, integra‐
tor and operator).
Operating systems and machines requires the implementation of

a comprehensive concept for state-of-the-art IT security.
Bosch Rexroth products are part of this comprehensive concept
and have to be taken into consideration with regard to their prop‐
erties in a comprehensive IT security concept.
The directive VDI 2182 is used as basis for this approach.
3.1 Purpose of this guideline

The purpose of this guideline is to provide the following information:
● Special information for safe operation of IT systems and devices by
Bosch Rexroth
● General information about "IT security" in manufacturing plants
With this information, the user can take network-technical or organizational
measures, select device settings to integrate and safely operate the used
products.
3.1.1 Customer feedback

Customer requests, comments or suggestions for improvement are of great
importance to us. Please email your feedback on the documentations to
Feedback.Documentation@boschrexroth.de. Directly insert comments in the
electronic PDF document and send the PDF file to Bosch Rexroth.
3.2 Guideline structure

First, general IT security aspects are described, including a description to dis‐
tinguish IT security from safety.
In the main part of this guideline, the Bosch Rexroth devices and systems are
described from the perspective of IT security. Part of this description are the
listing and description of system properties and a list of protocols and the
used ports. This part is concluded with options to integrate and operate these
products in the network.

Introduction
The conclusion provides information about the general specifications about

the "IT security" topic and information sources.
3.2.1 Differentiating between "IT security" and "Safety"

The differentiation to safety is explained in the next table.
Contrasting the terms "Safety" and "IT security"
Safety IT security
Protection of humans and environment. Protection from humans and environ‐

ment.
Only a potential, calculable persons re‐ Many potential, sporadically uncalculable
sponsible. persons responsible.
Hazard acts internally to externally. Hazard acts externally to internally.
Functional safety guarantees disturb‐ IT security ensures confidentiality, integ‐
ance-free and hazard-free function rity and availability of information
Guidelines and binding law Guidelines incomplete and no laws
3.3 IT basic protection

The BSI (German Federal Office for Information Security) regularly publishes
reports about the current threat situation and provides information about the
IT basic protection. The IT basic protection modules of the BSI, contained in
the IT basic protection compendium are divided into ten layers and contain
information about different topics regarding information security - ranging
from applications (APP), industrial IT (IND) to safety management (ISMS).
All VDI members can request more information about IT basic protection from
the BSI.
On the ICS-CERT pages, information can be found under “Recommended
Practices”.
chapter 7.2 "Further links" on page 43
3.4 Known vulnerabilities

Information about vulnerabilities that became known are published on
Rexroth websites as well as on websites of the Bosch Product Security Inci‐
dent Response Team(PSIRT). Bosch PSIRT is the central contact to replace
safety-relevant information in Bosch products.
chapter 7.2 "Further links" on page 43

Security-relevant product description
4 Security-relevant product description

General information The following sections describe the security-relevant aspects of Bosch
Rexroth products. Security-relevant aspects are the list of the used ports,
their use and special features. This information supports the user in configur‐
ing and operating the devices and systems by complying with IT security.
WARNING Operating Bosch Rexroth products in net‐

works
Unless documented otherwise, Bosch Rexroth products are exclusively inten‐
ded for operation in locally, physically and logically secured networks, with
access limitation to authorized persons and not classified according to IEC
62443-4-2.
4.1 Overview security support

Overview security support of the devices and the software of the drive and
control systems.
System and software XLC, MLC and MTX ctrlX IndraDrive ctrlX DRIVE SafeLogic
CORE with and with‐ compact
out MLD
Device CML10 CML75 VE* XC* Kxx02 XCD SLC-3-CPUx

CML20 CML85 VP* KMVxx XVR SLC-3-GS3S
CML40 XM2* VCP*.2 HMVxx XMS SLC-0-GPNT
CML25 XM4* VEH**.1 HMS0x XMD
CML45 VPx VR21** HMD01 XCS
CML65 HCS0x
CMP40
CMP60
CMP70
MTXmicro
Security support No From No Yes From No No
FWA MPx20V12
14V18
and
IndraWork
s 14V18

Overview security support of the devices and the software of the drive and
control systems.
System and software Frequency con‐ Welding control WebConnector IoT Gateway WinStudio
verter
Device EFC PSI 6000 VP* XM2* VE*

PST 6000 VEP with Win7 PR21 VP*
PRC 7000 emb. VCP*.2
XM2* (only from VEH**.1
14V20)
VR21**
PR3x / VR3x
PR4 / VR4
Security support No With PRC 7000 Yes Yes No
4.2 Systems MTX, XLC and MLC

MTX, XLC and MLC are part of the VxWorks-based systems.
VxWorks is a real-time operating system used on the IndraControl L, XM and
VPx control types.
Special conditions during commissioning and operation apply to IndraControl
CML10, CML20, CML40, CML40.2, CML25, CML45, CML65, CMP40,
CMP60, CMP70, MTXmicro devices with the operating system VxWorks 6.3.
Reasons for the special conditions with VxWorks 6.3:
● In the operating system, no IT security measures such as firewalls or
anti-virus software is implemented.
● Functionally, IT security measures can sporadically not be implemented
and installed.
● In the basic settings, the network ports for FTP, Telnet and debugging
are accessible.
● As additional network functionalities such as "routing" and "NAT" are im‐
plemented on these devices, network security measures have to be im‐
plemented to ensure safe operation of the devices.
● VxWorks 6.3 only provides a limited user management
In case of the control types CML75 , CML85, XM2, XM4 and VPx, the real-
time operating system VxWorks 6.9 is used with the following properties:
● In the basic settings, the network port for FTP is opened due to compati‐
bility reasons
● VxWorks 6.9 provides support to implement further security mecha‐
nisms.
● As additional network functionalities such as "routing" and "NAT" are im‐
plemented on these devices, network security measures have to be im‐
plemented to ensure safe operation of the devices.
4.3 Device properties – controls with operating system VxWorks

6.3
The following controls are affec‐ ● CML10
ted:
● CML20

● CML25
● CML40
● CML40.2
● CML45
● CML65
● CMP40
● CMP60
● CMP70
● MTX micro
Debug access By default, the debug port is open. The Wind-River-Debug-Agent (WDB
agent) is active.
Telnet server The Telnet server is active (the Telnet port is open.)
The login name and the password are integrated in the runtime system. The
password is encrypted (Wind-River encryption "vxencrypt.exe").
FTP server The FTP server is active. (The FTP port is open.)
FTP server access with a "anonymous" user is implemented. This user has
read access to the USER drive.
password is encrypted (Wind-River encryption " vxencrypt.exe").
More information ● An SNTP client application is available.
● A TFTP client application is available.
● The system does not have a local firewall.
● The ICMP functionality is implemented.
● Only an Ipv4 stack is implemented.
● The OpenCore interface MLPI is implemented for CML25, CML45,
CML65 from firmware version 13VRS
Network infrastructure compo‐ Within the operating system kernel, the functions required for operation for
nents the network infrastructure and the connection of different Ethernet-based bus
systems, also field buses (Sercos, Profinet) and their data exchange, router
and switch components are integrated. The configuration depends on the ap‐
plication and is executed by the user by means of Engineering tools.
In particular, take the field buses into consideration which implicit‐

ly allow for tunneling standard IP protocols within the field bus
protocol. Please note the field bus-specific documentations.
4.4 Device properties – Controls with operating systems from

VxWorks 6.9
The following controls are affec‐ ● CML75
ted:
● CML85
● XM2*
● XM4*
● VPx*
Debug access By default, the debug port is closed. The debugger can be enabled for OCI
development. Please ensure to disable the debugger after completion of the
development activities.

Telnet server The Telnet server is disabled (the Telnet port is closed). Instead, the user can
access the control via SSH.
SSH server The command line provided by Telnet is now provided via SSH. The "Telnet"
protocol is disabled due to safety reasons and is not available anymore from
version 14V18 on the previously mentioned controls. The SSH server is ac‐
tive on devices from firmware version 14V18.
FTP server In delivery state, the FTP server is active on the control. (The FTP port is
open.) A prompt is displayed, informing the user that this unsafe service can
be disabled when creating the control.
FTP server access with a "anonymous" user is implemented. This user has
read access to the USER drive.
password is encrypted (Wind-River encryption "vxencrypt.exe").
SFTP server The Secure File Transfer Protocol (SFTP) is accessed as mechanism for
safe data transfer. The SFTP is part of the SSH- service and provides the
same safety mechanisms. Many known clients such as WinSCP (Windows)
or Filezilla (Windows, Linux, Mac OS) support the data transfer via SFTP. In
delivery state, the SFTP server is active.
MLPI / MLPIS server The OpenCore interface Motion Logic Programming Interface (from firmware
13VRS) as well as the safe variant MLPIS (from firmware 14V20 , only MLC
and XLC) are active in the state upon delivery.
If MLPIS is available, MLPI can be deactivated. It is recommended to do this
and use MLPIS.

4.5 System drive (IndraDrive with and without MLD)

IndraDrive uses a real-time operating system. For these devices, special con‐
ditions apply to commissioning and operation. Reasons for special conditions
are: In the operating system, no IT security measures such as firewalls or an‐
ti-virus software is implemented.
and installed.
● In the basic settings, the available ports are accessible.
● As additional network functionalities such as routing is implemented on
these devices, network security measures have to be implemented to
ensure safe operation of the devices.
● IndraDrive does not provide any user management.
4.5.1 Device properties IndraDrive

Telnet server ● The Telnet server is active (the Telnet port is open.)
● The login name and the password are integrated in the runtime system.
The password can be overwritten with a customer password by the
user.

FTP server ● The FTP server is active (the FTP port is open).
● Access via the FTP server is implemented with an "anonymous" user
and a standard user.
● Both users have read access to the USER drive. The standard user also
has write access to the USER drive.
● The login names and the password are integrated in the runtime sys‐
tem. The password can be overwritten with a customer password by the
user
More information ● The system does not have a local firewall.
● The TFTP client application is available in IndraDrive Advanced devices.
● The ICMP functionality is implemented.

4.6 System drive (ctrlX DRIVE)

ctrlX DRIVE uses a real-time operating system For these devices, special
conditions apply to commissioning and operation. Reasons for special condi‐
tions are:
● In the operating system, no IT security measures such as firewalls or
anti-virus software is implemented
and installed
● The available ports are accessible
ensure safe operation of the devices
● ctrlX DRIVE does not provide any user management
4.6.1 ctrlX DRIVE device properties

tftp server ● The tftp server is active
● The firmware is loaded via tftp
SIP server ● The SIP server is active
● Parameters are exchanged via the SIP server (e.g.: configuration of the
drive firmware)
More information: ● The ICMP functionality is implemented
● There is the option to protect a parameter group.
The user level parameter password.
Network infrastructure Within the operating system kernel, the functions required for operation for
components the network infrastructure and the connection of different Ethernet-based bus

systems are integrated. The integration also affects field buses (Sercos,
Ethercat) and their data exchange as well as router and switch components.
The configuration depends on the application and is executed by the user by
means of Engineering tools.

More information: The Secure Configuration Manual ctrlX DRIVEplus documentation describes
how to configure the device to comply with the requirements according to IEC
62443-4-2 Security Level 2 (SL2), see: Download in the Rexroth media direc‐
tory
4.7 SafeLogic compact (SLc)

A SafeLogic compact station consists of a CPU modules and optionally up to
2 gateway modules (Sercos, PROFINET) as well as 12 extension modules
(I/O modules, Drive Monitor). No IT security measures such as firewalls or
anti virus software are implemented.
The SLc CPU does not have any network-compatible interfaces. Ethernet-
based communication to Engineering-PC or a superordinate control is realiz‐
ed via a Sercos gateway SLC-3-GS3S or PROFINET gateway SLC-0-GPNT.
● The available ports are accessible.
ensure safe operation of the devices.
4.7.1 Device properties SLc Ethernet gateways

Telnet server The Telnet server is active (the Telnet port is open)
FTP server The FTP server is active (the FTP port is open).
An access via an FTP server is implemented with a "anonymous" user.
Network infrastructure compo‐ In particular, take the field buses into consideration which implicitly allow for
nents tunneling standard IP protocols within the field bus protocol.
4.8 Device properties Sercans

Sercans is part of Linux-based systems The used Linux version is Ubuntu
4.4, extended to a real-time operating system by a preempt-rt-patch. It is
used in Sercans variants L and S.
Debug access By default, the debug port is closed.
SSH server A command line is provided by SSH. The SSH server is active.
SFTP server The Secure File Transfer Protocol (SFTP) is accessed as mechanism for file
transfer. In the delivery state, the SFTP server is inactive and has to be ena‐
bled before updating the firmware. The firmware is updated automatically if
the updated is executed by means of IndraWorks Ds.
4.9 Device properties frequency converter EFC

Devices with multi Ethernet expansion card
Telnet server A MultiEthernetPlatform is not equipped with a Telnet server
FTP server A MultiEthernetPlatform is not equipped with an FTP server
TFTP server The TFTP server is active (TPTP port is open)

The MultiEthernetPlatform only accepts certain file names. Other files are re‐
jected.
More information ● The system is not equipped via a local firewall.
● The ICMP functionality is implemented

4.10 Device properties PSI 6000 / PST 6000

FTP server ● The FTP server is active (the FTP port is open)
● The FTP server access is implemented with a standard user
● The user has read/write access to a specified home directory
● Login name and password are integrated in the runtime system and
cannot be modified
systems are integrated. The integration also affects field buses (Ethernet-IP,
Profinet) and their data exchange as well as router and switch components.

4.11 Device properties PRC 7000

FTP server Up to firmware version 1.10.x
● The FTP server is active (the FTP port is open)
cannot be modified
SFTP server From firmware version 1.11, replaces the FTP server
● The SFTP server is active (the FTP port is open)
cannot be modified
SSH server ● The SSH server is active (the SSH port is open)
● An access via the SSH server is implemented with a standard user

● The user has read/write access to PRC 7000

cannot be modified
systems are integrated. The integration also affects field buses (Sercos,
Profinet) and their data exchange as well as router and switch components.

4.12 Device properties ctrlX CORE

Operating system ctrlX CORE controls are Linux-based systems.
By using patch "preempt-rt", the Ubuntu operating system of ctrlX CORE is
extended to a real-time operating system.
Overview table of the used Ubuntu versions
ctrlX CORE version Ubuntu version
XCR-V-0108 Ubuntu Core 18.04 LTS

The operating system is secured via the "Secure Boot" functionality.

Secure boot ensures that only the operating system provided by Bosch
Rexroth can be loaded on the operating system.
SSH server The SSH server is active (the SSH port is open).
From version XCR-V-0116, the SSH server is disabled on the ctrlX device by
default. After activating the SSH server, only "System User" users can con‐
nect to the ctrlX device via SSH, whose user account has previously been
created on the device via a system user assertion file.
Network infrastructure
components In particular, take the field buses into consideration which implicit‐
More information: Other server services can be used depending on the apps installed on the
device. For more information, refer to the documentation of the relevant app.
see web documentations.

4.13 Port lists

In the following port lists, all ports on which server services are offered are
listed. In the delivery state, the specific version on the different devices and
systems are contained in the following tables.
In the columns "Required for…", "Operation", "Commissioning" and "Service"
it is specified in which phase the ports for the respective functions are re‐
quired.
In the column "Can be disabled", it is specified if the port can be disabled in
the application configuration by the end user.
4.13.1 Port list CML10, CML20, CML40, CMP40, CML65 (with MLC04VRS),
CMP60, CMP70
Port Protocol Service Status Required for ... [Y/N]
Can be disa‐
Remark Commis‐
Operation Service bled [Y/N]
sioning
Ping
SystemSta‐
- ICMP tusDiagnos‐ open - N Y Y N
tic
Echo
20,21 TCP ftp open - N N N Y
23 TCP telnet open - N N Y N
69 UDP TFTP open - Y Y Y N
HTTP
80 TCP open - Y Y Y N
IMST
Port map‐
111 TCP, UDP open - Y Y Y N
per
CMP40,
CMP60,
123 TCP NTP open CMP70, Y Y Y N
CML40 (on‐
ly MTX)
Modbus/TC
502 - 504 TCP open Y Y Y N
P
CMP40,
CMP60,
dynamic
512 - 1023 UDP open CMP70, Y Y Y N
NFS
CML40 (on‐
ly MTX)


Can be disa‐
Remark Commis‐
sioning
ComServer/
EIS
Dynamic
1024+ TCP setup of open - Y Y Y N
new con‐
nections
from this
port
CML10,
IndraLogic CML20,
1200 TCP open Y Y Y Y
Gateway CML40,
CML65
CML10,
Parameter CML20,
1201 UDP open Y Y Y N
manager CML40,
CML65
CML10,
Network CML20,
1202 UDP open Y Y Y Y
variable CML40;
CML65
Program‐
IndraLogic ming de‐
1317 TCP <-> Gate‐ open vice, visual‐ Y Y Y N
way ization de‐
vice
CML10,
Gateway <- CML20,
1740 - 1743 UDP open Y Y Y N
> Device CML40,
CML65
MTX:
CML40,
2049 UDP NFS open CMP40, Y Y Y N
CMP60,
CMP70
CML10,
IwSCP /
5000 - 5003 TCP open CML20, Y Y Y N
SIS
CML40
ComServer/
6040 UDP open - Y Y Y N
EIS (HMI)
ComServer/
EIS (HMI)
CML40,
6091 TCP RoCo V1 open - - - -
CML65


Can be disa‐
Remark Commis‐
sioning
MTX:
CML40,
Debug
10098 TCP open CMP40, N Y Y N
menu
CMP60,
CMP70
MTX:
CML40,
NCS con‐
10099 TCP open CMP40, Y Y Y N
nection
CMP60,
CMP70
MTX:
CML40,
System di‐
10110 UDP open CMP40, Y Y Y N
agnostics
CMP60,
CMP70
MTX:
10100 , Monitor CMP40,
UDP open N Y Y N
10101 connection CMP60,
CMP70
MTX:
Dynamic CML40,
10200 -
UDP NFS con‐ open CMP40, Y Y Y N
10300
nection CMP60,
CMP70
Wind River
17185 UDP open - N N N Y
Debug port
CML10,
49154 TCP Scope tools open CML20, - - - -
CML40
4.13.2 Port list CML25, CML45, CML65, HCQ micro (MTX)

Can be disa‐
Remark Commis‐
sioning
Ping
SystemSta‐
tic
Echo
21 TCP ftp open - Y Y Y N
69 UDP TFTP open Only MLC N Y Y N
http / EIS-
WS


Can be disa‐
Remark Commis‐
sioning
Port map‐
111 - open Only MTX Y Y Y N
per
123 TCP NTP open Only MTX Y Y Y N
Modbus/TC
502 - 504 TCP open - Y Y Y N
P
dynamic
512 - 1023 UDP open Only MTX Y Y Y N
NFS
1024+ TCP EIS open - Y Y Y N
open|
1740 - 1743 UDP Gateway - Y Y Y N
filtered
2049 UDP NFS open Only MTX Y Y Y N
4840 TCP OPC UA open - Y Y Y N
IwSCP /
5000 - 5003 TCP open - Y Y Y N
SIS
5300 TCP MLPI open Not MTX Y Y Y N
ComServer/ open|
6040 UDP - Y Y Y N
EIS (HMI) filtered
ComServer/
EIS (HMI)
Debug
10098 TCP open Only MTX N Y Y N
menu
NCS con‐
10099 TCP open Only MTX Y Y Y N
nection
Emergency
10099 UDP open Only MTX Y Y Y N
channel
System di‐
agnostics
Dynamic
10200 -
UDP NFS con‐ open Only MTX Y Y Y N
10300
nection
ILNG.On‐ open|
11001 UDP -
line filtered
11740, IndraLogic
TCP open - Y Y Y N
11741 Gateway
Wind River
17185 UDP open - N N N N
Debug port
SIP, Sercos
35021 TCP NRT server open Y Y Y N
port

4.13.3 Port list CML75, CML85, XM2*, VPx*

up to including firmware 14V16

Can be disa‐
Remark Commis‐
Operation Sevice bled [Y/N]
sioning
Ping
SystemSta‐
tic
Echo
21 TCP ftp open - Y Y Y N
http / EIS-
WS
MTX:
Port map‐
111 TCP, UDP open CML75, Y Y Y N
per
CML85
123 TCP NTP open Only MTX Y Y Y N
443 TCP https open Not CML75 - Y Y N
Modbus/TC
502 - 504 TCP open - - Y Y Y
P
dynamic
512 - 1023 UDP open Only MTX Y Y Y Y
NFS
open|
972 UDP - Only VPx* - - - -
filtered
open|
974 UDP - Only VPx* - - - -
filtered
open|
980 UDP - Only VPx* - - - -
filtered
open|
982 UDP - Only VPx* - - - -
filtered
open|
984 UDP - Only VPx* - - - -
filtered
open|
985 UDP - Only VPx* - - - -
filtered
open|
988 UDP - Only VPx* - - - -
filtered
open|
990 UDP - Only VPx* - - - -
filtered
open|
994 UDP - Only VPx* - - - -
filtered


Can be disa‐
Remark Commis‐
sioning
open|
996 UDP - Only VPx* - - - -
filtered
open|
1000 UDP - Only VPx* - - - -
filtered
open|
1004 UDP - Only VPx* - - - -
filtered
1024+ TCP EIS open - Y Y Y Y
open|
1740 UDP Gateway - Y Y Y N
filtered
open|
filtered
open|
1742 UDP Gateway Only VPx* Y Y Y N
filtered
IwSCP /
5000 - 5003 TCP open - Y Y Y N
SIS
5300 TCP MLPI open Not MTX Y Y Y N
ComServer/ open|
6040 UDP Not XM2* Y Y Y N
EIS (HMI) filtered
ComServer/
EIS (HMI)
Rerouting
8080 TCP open Not CML75 - - - -
to https
Debug
menu
NCS con‐
nection
Emergency
channel
System di‐
agnostics
Dynamic
10200 -
10300
nection
ILNG.On‐ open|
11001 UDP - - - - -
line filtered
11740, IndraLogic
TCP open - Y Y Y N
11741 Gateway


Can be disa‐
Remark Commis‐
sioning
Wind River open|
17185 UDP - N N N N
Debug port filtered
SIP, Sercos
port
4.13.4 Port list CML75, CML85, XM2*, XM4*, VPx*

from firmware 14V18

Can be disa‐
Remark Commis‐
sioning
Ping
SystemSta‐
tic
Echo
21 TCP ftp open - N N N Y
22 TCP ssh, sftp open - Y Y Y Y
http / EIS-
80 TCP open - - - - -
WS
MTX:
Port map‐
111 TCP, UDP open CML75, Y Y Y N
per
CML85
443 TCP https open Not CML75 - Y Y N
Modbus/TC
502 - 504 TCP open - Y Y Y N
P
dynamic
512 - 1023 UDP open Only MTX Y Y Y N
NFS
open|
974 UDP - Only VPx* - - - -
filtered
open|
976 UDP - Only VPx* - - - -
filtered
open|
978 UDP - Only VPx* - - - -
filtered
open|
982 UDP - Only VPx* - - - -
filtered
open|
984 UDP - Only VPx* - - - -
filtered


Can be disa‐
Remark Commis‐
sioning
open|
986 UDP - Only VPx* - - - -
filtered
open|
990 UDP - Only VPx* - - - -
filtered
open|
994 UDP - Only VPx* - - - -
filtered
open|
996 UDP - Only VPx* - - - -
filtered
open|
998 UDP - Only VPx* - - - -
filtered
open|
1000 UDP - Only VPx* - - - -
filtered
open|
1004 UDP - Only VPx* - - - -
filtered
1024+ TCP EIS open - Y Y Y N
open|
filtered
open|
filtered
open|
1742 UDP Gateway Only VPx* Y Y Y N
filtered
5000 - 5003 TCP SIS: open - Y Y Y N
5300 TCP MLPI open Not MTX Y Y Y Y
5335 TCP MLPIS open Not MTX Y Y Y Y
ComServer/ open|
6040 UDP - Y Y Y N
EIS (HMI) filtered
ComServer/
EIS (HMI)
Rerouting
8080 TCP open Not CML75 - - - -
to https
Debug
menu
NCS con‐
nection


Can be disa‐
Remark Commis‐
sioning
Emergency
channel
System di‐
agnostics
Dynamic
10200 -
10300
nection
ILNG.On‐ open|
11001 UDP - - - - -
line filtered
Wind River open|
17185 UDP - N N N Y
Debug port filtered
SIP, Sercos
port
4.13.5 Port list ctrlX CORE

Can be disa‐
Port Protocol Service Status Remark Required for ... [Y / N]
bled [Y/N]
Commis‐
Operation Service
sioning
open
22 TCP SSH default is Remote ter‐ N Y Y Y

closed from minal
V-0116
Rerouting
80 TCP HTTP open N Y Y N
to port 443
If Profinet
Device
161/162 TCP / UDP SNMP open N Y Y N
Snap is in‐
stalled
Device ad‐
443 TCP HTTPS open ministration N Y Y N
web server
If Modbus
TCP Snap
is installed
and if the
502 TCP Modbus open Y Y Y N
configura‐
tion has
been cre‐
ated
2069 , 2070 TCP - open Data layer Y Y Y N

Can be disa‐
Port Protocol Service Status Remark Required for ... [Y / N]
bled [Y/N]
If OPC UA
4840 TCP OPC UA open Snap is in‐ Y Y Y Y
stalled
CoDeSys; if
11740 ,
TCP Gateway open PLC Snap Y Y Y N
11741
is installed
dynamic
TCP UPnP open - Y Y Y N
>3xxxx
dynamic
TCP UPnP open - Y Y Y N
>4xxxx
If Profinet
Profinet RT Device
34962 TCP / UDP open Y N N N
Unicast Snap is in‐
stalled
If Profinet
Profinet RT Device
Multicast Snap is in‐
stalled
If Profinet
Profinet
Device
34964 TCP / UDP Context open Y N N N
Snap is in‐
Mgr.
stalled
Profinet If Profinet
Connection Device
Establish‐ Snap is in‐
ment stalled
4.13.6 Port list of the IndraDrive devices

(with/without MLD)

Can be disa‐
Remark Commis‐
sioning
Ping
SystemSta‐
tic
Echo
Access opt.
20 / 21 TCP ftp open Y Y Y J*
SD
23 TCP telnet open N N Y J*
69 UDP TFTP open FW update Y Y Y J*
http / EIS-
80 TCP open IDST Y Y Y J*
WS


Can be disa‐
Remark Commis‐
sioning
CoDeSys
1200 TCP communi‐ open - - - -
cation
Available in
FW ver‐
sions
Network MPx02 to
variable MPx17
Optional
package
MLD
1740 - 1743 UDP open Y Y Y N
Broadcast
5002 TCP SIS server open Y Y Y J*
ComServer/
6040 UDP open Y Y Y J*
EIS (HMI)
ComServer/
6042 TCP open Y Y Y J*
EIS (HMI)
11740 - MLD con‐
TCP open Y Y Y N
11743 nections
35021 TCP S/IP open Y Y Y N
35021 UDP S/IP open Y Y Y N
Trace
51000 TCP open N N Y N
(MEP)
TCP con‐
sole (MEP)
Tab. 4-1: * The port can only be disabled from MPx-20V12 via parameter
P-0-1535 (IP communication settings).
4.13.7 Port list ctrlX DRIVE

These ports can be accessed via USB (via control unit) or via Ethernet port.
Can be disa‐
Port Protocol Service Status Remark Required for...[Y/N]
bled [Y/N]
Commis‐
Operation Service
sioning
- ICMP Ping open - N Y Y N
Firmware
69 UDP TFTP open N Y Y N
update
Only active
161 , 162 UDP SNMP open if Profinet is Y N N N
active

Can be disa‐
Port Protocol Service Status Remark Required for...[Y/N]
bled [Y/N]
Optional
CoDeSys package
1202 UDP network open Depending Y Y Y N
variables on the user
application
CoDeSys Optional
1217 TCP open N Y Y N
Engineering package
Drive simu‐
UDP/IP virt.
10000 UDP open lation N Y N N
Field bus
(WEM+)
11740 - CoDeSys Optional
TCP open N Y Y N
11743 Engineering package
35021 TCP S-IP open - Y Y Y N
35021 UDP S-IP open - Y Y Y N
4.13.8 Port list Sercos

Gateway SLC-3-GS3S
Can be disa‐
Port Protocol Service Status Remark Required for ... [Y/N]
bled [Y/N]
Commis‐
Operation Service
sioning
23 TCP telnet open - - - - -

open|fil‐
69 UDP TFTP - - - - -
tered
open|fil‐
3908 UDP - - - - -
tered
5002 TCP SIS: open - - - - -
SafeLogic
Designer-
9000 TCP open - - - - -
Communi‐
cation
Safe Logic
Designer- open|fil‐
30718 UDP - - - - -
Scan serv‐ tered
ice
35021 TCP S/IP open - - - - -
open|fil‐
35021 UDP S/IP - - - - -
tered
open|fil‐
48232 UDP - - - - - -
tered
4.13.9 PROFINET Gateway port list

Gateway SLC-0-GPNT

Can be disa‐
bled [Y/N]
Commis‐
Operation Service
sioning
23 TCP telnet open - - - - -

80 TCP http open - - - - -
open|fil‐
161 UDP SNMP - - - -
tered
open|fil‐
1024 UDP - - - - -
tered
4606 TCP open - - - - -
4607 TCP open - - - - -
open|fil‐
8160 UDP - - - - -
tered
open|fil‐
8161 UDP - - - - -
tered
SafeLogic
Designer-
9000 TCP open - - - - -
Communi‐
cation
open|fil‐
9011 UDP - - - - -
tered
9100 TCP open - - - - -
SafeLogic
Designer- open|fil‐
30718 UDP - - - - -
Scan serv‐ tered
ice
open|fil‐
34962 UDP - - - - -
tered
open|fil‐
34964 UDP - - - - -
tered
4.13.10 Port list Sercans

Can be disa‐
bled [Y/N]
Commis‐
Operation Service
sioning
22 TCP SSH open - - - - -

If server is
22 TCP SFTP open - - - Y
active
35021 TCP, UDP S/IP open Y Y Y Y
4.13.11 Port list frequency converter

EFC with Multi Ethernet Platform(MEP)

Can be disa‐
bled [Y/N]
Commis‐
Operation Service
sioning
Ping
SystemSta‐
tic
Echo
MEP firm‐
69 UDP TFTP open ware up‐ Y Y Y N
date
Modbus/TC
502 TCP open* J* J* N N
P
User-de‐
Modbus/TC fined port
x TCP closed J* J* N Y
P number
(H3.51)
EtherNet/IP
2222 UDP EtherNet/IP open* Implicit J* J* N N
Mes-saging
PROFINET
Connect
34964 UDP PROFINET open* Manager J* J* N N
and RPC
handler
35021 TCP Sercos/IP open Engineering Y Y Y N
35021 UDP Sercos/IP open Engineering Y Y Y N
EtherNet/IP
44818 TCP EtherNet/IP open* Explicit J* J* Y N
Mes-saging
Trace
(MEP)
TCP Con‐
sole (MEP)
Tab. 4-2: * = only if the corresponding field bus type of the MultiEthernetPlat‐
form was enabled
4.13.12 Port list PSI / PST 6000

Can be disa‐
bled [Y/N]
Commis‐
Operation Service
sioning
21 TCP ftp open PSUpdate Y/N Y Y Y
80 / dynam‐
TCP http open PSUpdate Y/N Y Y Y
ic

Can be disa‐
bled [Y/N]
Communi‐
5001 UDP open cation Y Y Y N
PSI<->BOS
Communi‐
5002 - 5130 UDP open cation Y Y Y N
PSI<->BOS
Communi‐
UISe‐
5131 - 5259 UDP open cation Y/N Y Y N
tupV2.0
PSI<->BOS
from ver‐
5270 -52xx UDP PSUpdate open N Y N
sion 3.1.0.0
dynamic
UDP PSUpdate open N N
from port 0
4.13.13 Port list PRC 7000

Can be disa‐
bled [Y/N]
Commis‐
Operation Service
sioning
Disabled
from FW
21 TCP ftp open Y Y Y N
version
1.11
22 TCP ssh , sftp open - Y Y Y N
Can be dis‐
abled from
80 TCP http open Y/N Y Y Y
FW version
1.11.9.0
Communi‐
protocol
4711 TCP open cation Y Y Y N
buffer
PRC<->PRI
PRC detec‐ detection of
tion other PRC
From FW
version
1.11.3
6060 TCP Webserver open can be dis‐ Y/N Y Y Y
abled from
FW version
1.11.9.0
open
MQTT Cli‐ if MQTT
8883 TCP encrypted Y Y Y Y
ent Gateway is
active

Can be disa‐
bled [Y/N]
IndraLogic
Gateway
Disabled
from FW
version
1.11.4
11740 TCP open N N Y Y
can be dis‐
abled by
the user
from FW
version
1.11.9.0
open
MQTT Cli‐ if MQTT unencryp‐
1883 TCP Y Y Y Y
ent Gateway is ted
active
4.14 Devices IndraControl VP*, VE*, VEP*, VCH*, VR*

● The Windows-based systems (XP, XPembedded, Windows 7, Windows
10, CE) are provided with preset firewall, services and applications.
● An anti virus software is not installed.
Rexroth does not conduct any compatibility tests and does not recom‐
mend any anti virus software!
Factors impacting the runtime behavior and the software component op‐
eration can only be determined by tests in the individual case. The end
user is responsible to take resulting measures.
● A patch management of the operating system is not provided. The cur‐
rently provided operating system version contains the patch version of
the manufacturer (Microsoft). This version is checked and released us‐
ing the respective system software for correct functionality.
● No BIOS passwords are set on devices.
● The default users and passwords of the devices can be found in the
product documentation.
After commissioning, immediately change the default passwords.
● Users and passwords created by Telnet and FTP independent of the

operating system can be found in the chapter "communication settings".
Make changes according to the respective system documentation.
4.14.1 Devices (IndraControl VP*) with Windows XP, Windows 7,

Windows 10
The aim of the operating system configuration for use in the industrial field
has to be to only use the required applications, services and communication
accesses. This configuration increases the total system stability and results in
minimizing the possible targets. In the following, the Windows tools used for
configuration are explained.

The following security-relevant settings can be selected by configuring the

"Local Policies": Control Panel ▶ Administrative tools ▶ Local Policies.
● Managing the access rights to directories, files and functions
● Configuring the password properties
● Configuring the software restrictions (whitelisting)
More measures:
● Preventing automatic application start on removable data carriers (USB
data carrier, CD, DVD), see:
https://support.microsoft.com/en-gb/kb/967715
● Using the "Enhanced-Write-Filter" (XP and 7), see
https://learn.microsoft.com/en-us/windows-hardware/customize/enter‐
prise/uwf-wes7-ewf-to-win10-uwf
More filters and individual settings, see
http://msdn.microsoft.com/en-us/library/ff794908%28v=winembedded.
60%29.aspx.
● Configuring the Windows firewall
Windows 7, see
https://support.microsoft.com/en-us/office/what-is-a-fire‐
wall-6870c88d-69b6-4db4-9cb1-0e4afa7a8603
Windows XP, see
http://technet.microsoft.com/en-us/library/cc875811.aspx
● Windows Security general information
https://technet.microsoft.com/en-us/security
Always install the current Windows safety update on your devi‐

ces.
Krypto trojans and ransom ware use different vulnerabilities in the
operating system and the software. The BSI and ICS-CERT regu‐
larly publish information about vulnerabilities and measures
against possible violation of these vulnerabilities.chapter 7.2
"Further links" on page 43
Disconnect the devices from the network until the updates to fix
security vulnerabilities have been installed.
4.14.2 Default Windows ports

Refer to the following link for information about the current Microsoft Win‐
dows default ports:
https://support.microsoft.com/en-us/kb/832017 (EN)
https://support.microsoft.com/de-de/kb/832017 (DE).
In the following, the active ports of the respective devices in the different ope‐
rating system variants in the condition as supplied to the customer are listed.
Unless otherwise listed in the system software documentation, no modifica‐
tions of the default firewall settings are implemented.
During operation, the applications and the active ports can be identified dur‐
ing operation with administrator rights and the following commands:
netstat -an -p tcp –b oder netstat -an -p udp –b

4.14.3 Devices (IndraControl VE*) with Windows 7 Embedded Standard 32

and 64 bit
Port Protocol Application
81 TCP portico (if installed)

515 TCP LPDSVC [svchost.exe]
1234 TCP Studio Manager, if activated
2103 TCP [mqsvc.exe]
5900 TCP portico or UltraVNC (if installed)
8085 HTTP WebConnector console (if installed)
8086 HTTP, TLS WebConnector console (if installed)
15000 HTTP WebConnector service (if installed)
15001 HTTPS, TLS WebConnector service (if installed)
49155 TCP [lsass.exe]
4.14.4 Devices (IndraControl VP*) with Windows 7 Embedded Ultimate 32

and 64 bit
9876 TCP, UDP Acronis
4.14.5 Devices (IndraControl VP*) with Windows 10 IoT Enterprise LTSB 64

bit

9876 TCP, UDP Acronis
4.14.6 Devices (IndraControl VP*) with Windows 7 Embedded Standard 32

and 64 bit

515 TCP LPDSVC [svchost.exe]


5900 TCP portico or UltraVNC (if installed)
8085 HTTP WebConnector console (if installed)
8086 HTTPS, TLS WebConnector console (if installed)
9876 TCP, UDP Acronis [agent.exe] (if installed)
15000 HTTP WebConnector service (if installed)
15001 HTTPS, TLS WebConnector service (if installed)
49155 TCP [lsass.exe]
4.14.7 Devices (IndraControl VP*) with Windows XP 32 bit

123 UDP [svchost.exe]

135 TCP [svchost.exe]
137 UDP [System]
138 UDP [System]
139 TCP [System]
445 TCP, UDP [System]
500 UDP [lsass.exe]
1028 TCP [alg.exe]
4500 UDP [lsass.exe]
9876 TCP, UDP Acronis[agent.exe]
4.14.8 Devices (IndraControl VR21*) with Windows Embedded compact 7

123 UDP ntp

137 UDP netbios-ns
138 UDP netbios-dgm
4322 TCP
4500 UDP nat-t-ike
4.14.9 Devices PR3x / PR4 (IndraControl VR3x / VR4) with Windows 10 IoT
Enterprise LTSB 64 bit



9876 TCP, UDP Acronis (if installed)
4.14.10 Device (IndraControl VH21) with Windows Embedded compact 7

137 UDP netbios-ns

138 UDP netbios-dgm
139 TCP NetBIOS Session Service
445 TCP SMB release (Windows
share)
4322 TCP -
4500 UDP nat-t-ike
6089 UDP -
49152 UDP ComServer/EIS key trans‐
fer
4.14.11 Devices (IndraControl VE*) with Windows XP embedded 32 bit


137 UDP [System]
138 UDP [System]
139 TCP [System]
161 UDP [snmp.exe]
445 TCP, UDP [System]
500 UDP [lsass.exe]
1025 TCP [inetinfo.exe]
1027 UDP [mqsvc.exe]
1029 TCP [alg.exe]
3456 UDP [inetinfo.exe]


3527 UDP [mqsvc.exe]
4500 UDP [lsass.exe]
4.14.12 Devices (IndraControl VE*) with Windows Embedded compact 7

Port Protocol Service
80 TCP HTTP
443 TCP HTTPS
5120 TCP UPnP
4.14.13 Devices (IndraControl VE*) with Windows CE

20, 21 TCP ftp

23 TCP telnet
80 TCP Web Server
137 UDP NTP
138 UDP NetBIOS
443 TCP HTTP SSL
5120 TCP UPnP
4.14.14 Devices (IndraControl VCP*.2) wtih Windows CE 5.0

20, 21 TCP ftp

80 TCP Web Server
137 UDP NTP
138 UDP NetBIOS
443 TCP HTTP SSL
1025 TCP ESTAB (ComServer/EIS)
4.14.15 Devices (IndraControl VCH 08.1) with Windows CE 5.0

20, 21 TCP ftp

80 TCP Web Server
135 TCP DCOM
137 UDP NTP
138 UDP NetBIOS
139 TCP NetBIOS
161 UDP -


443 TCP HTTP SSL
445 TCP SMB
1025 TCP ComServer/EIS
fer
1050-1053 TCP ComServer/EIS
4.14.16 Devices (IndraControl VCH 05.1) with Windows CE 6.0

80 TCP Web Server/EIS-WS

137 UDP NTP
138 UDP NetBIOS
443 TCP HTTP SSL
fer
4.15 Devices PR21 with Linux Ubuntu core 16

22 TCP SSH
Other opened ports are possible, depending on the apps installed on the de‐
vice. For more information, refer to the documentation of the app (e.g. IoT
Gateway)
4.16 Software
4.16.1 WebConnector, WebComposer
Via the WebConnector, visualizations can be connected to controls on all de‐
vices with compatible Java FM. The OPC UA and OCI (MLPI) protocols are
supported. The user has to configure the safe communication via OPC UA.
The safe communication via MLPIS is only supported from version 14V20
and has to be configured by the user during Connect .
The WebConnector is equipped with an integrated web server to provide cus‐
tomer-specific HTML5 pages with direct access to the automation level. The
save data communication is realized via HTTPS and TLS encryption.
The WebConnector is available on VP*. and VE* devices with Windows 7
embedded. By default, the unencrypted communication (HTTP/WS) is active,
as console via port 8085 and Windows service via port 15000, also as en‐
crypted communication (HTTPS/TLS) as console via port 8086 and Windows
service via port 15001. The user has to disable unencrypted communication.
In IndraWorks, the WebComposer is available as Engineering tool for com‐
missioning visualizations. If WebComposer objects are created in the project,
the WebConnector service is started and the ports 15000(HTTP/WS) and
15001(HTTPS/TLS) are active. The WebConnector service is not exiting by
closing IndraWorks. Upon a PC restart, the service is not running anymore
(manual start). If the Webconnector service is not required anymore after

closing the IndraWorks project or when exiting IndraWorks or after closing

the WebComposer aplication nicht mehr benötigt wird, start "services.msc"
and close the boschrexroth.webconnector service. Prevent external access to
WebConnector ports by using a firewall, if this is possible in the application.
Port list
Port Protocol Application Device
8085 HTTP WebConnector console (if installed) VP* with Win7emb.,VE* with Win7emb.
8086 HTTPS, TLS WebConnector console (if installed) VP* with Win7emb.,VE* with Win7emb.
15000 HTTP WebConnector service (if installed) VP* with Win7emb.,VE* with Win7emb.
15001 HTTPS, TLS WebConnector service (if installed) VP* with Win7emb.,VE* with Win7emb.
Tab. 4-3: Port list WebConnector
4.16.2 WinStudio
WinStudio is a visualization software for all PC-based and embedded sys‐
tems. The product consists of two parts
WinStudio Engineering:
Project planning tool to create individual HMI screens up to complete user in‐
terfaces.
Characteristics of the WinStudio Engineering packages
● Integral part in IndraWorks Engineering to create visualization applica‐
tions.
● Stand-alone editor to create individual visualizations (WinStudio Engi‐
neering stand-alone).
WinStudio Runtime:
Software on the visualization devices is pre-installed or prepared for installa‐
tion (software download).
Characteristics of the WinStudio runtime environment
● WinStudio in IndraWorks HMI interface (IndraWorks OPD). (Default user
interface of the systems MLC, MTX and IL under Windows CE/Windows
7 embedded compact, Win XP/ Win XPe, Win 7/ Win 7e)
The OPC/SCP communication between OPD and the control is

unauthenticated and unencrypted.
If possible, use a safe OPC UA connection (SignAndEncrypt-
Basic256Sha256) of the provided OPC UA communication proto‐
col.
● WinStudio Runtime (IndraWorks-independent user interface).

Port list
1234 TCP Studio manager

3997 TCP Studio Database Gateway (StADOSvr.exe)
4322 TCP Remote agent (CEServer.exe)


4448 TCP Mobile Access Runtime (MobileAccessTask.exe)
51234 TCP InduSoft Web Studio project runtime server . Encrypted
with TLS 1.2
Tab. 4-4: Port list WinStudio
4.17 ctrlX CORE apps

4.17.1 Modbus TCP
The ModbusTCP app provides additional functions for communication with a
ModbusTCP device. Subscriptions can be added to a configuration and data
layer RT nodes are also created. Any Ethernet interface can be used.
Port list
502 TCP Modbus TCP Server
Tab. 4-5: Modbus TCP port list
4.17.2 PROFINET device

The PROFINET device app enables an interface for the real-time EtherNet
system PROFINET IO and enables the ctrlX device to connect as a subsys‐
tem below a PROFINET IO controller.
Port list
34962 TCP / UDP Profinet RT Unicast

34963 TCP / UDP Profinet RT Multicast
34964 TCP / UDP Profinet Context Manager
Profinet Connection Estab‐
49152 TCP / UDP
lishment
161/162 TCP / UDP SNMP
Tab. 4-6: Profinet device port list

Possible measures
5 Possible measures
Physical measures A lockable switching cabinet should be provided to protect controls and
drives from unauthorized access.
5.1 Concept of separation

According to state-of-the-art, it is recommended to separate control networks
and system networks from other networks within an operational network infra‐
structure. The different protection requirements can be taken into considera‐
tion when separating the networks. In case of larger units, it is recommended
to partition the control and system networks. By separating larger units,
spreading of malware can be prevented. Consequently, all devices classified
as unsafe are contained in the control and system network. "Unsafe": all devi‐
ces and systems without virus protection, patch management and access
control mechanisms.
Control and system networks only have a limited or no communication op‐
tions to other networks and thus cannot be contacted. Communication to the
internet should not be possible. Assign fixed IP address to the devices and
avoid the use of DHCP services.
Unless specified otherwise, our devices and systems are intended for use in
such control and system networks. In case of deviating conditions of use,
take additional protective measures.
These rules also apply when structuring subnetworks with WLAN technology.
When using WLAN technology, WLAN-specific security properties and meas‐
ures have to be provided and documented. Keywords are:
● Device visibility
● Encryption of the transmission path according to state-of-the-art with
sufficient key length
● Key management
● User and administrator management
5.2 Service measures by third parties

If external service measures are required at devices and systems, ensure
that access via mechanisms such as VPN is possible. This also applies to
rights management and the access of service providers to controls and sys‐
tem parts.
5.3 Using firewalls

The use of firewalls is recommended at all network transitions to limit used
protocols to the essential.
5.4 Using ACLs

The control of access rights to systems and system parts should, if possible,
always controlled by ACLs. Use ACLs to ensure that accidental access to
systems and system parts can be avoided also in case of smaller network
units.

Possible measures
5.5 Using ctrlX CORE as VPN client and firewall

In addition to the mentioned measures to ensure IT security, Bosch Rexroth
provides apps for ctrlX CORE controls to ensure protection on network level
as well as a network segmentation:
● VPN Client
● Firewall

Final remark
6 Final remark
Security is a continuous process.
The process requires continuous monitoring and checks by all persons in‐
volved; also by seemingly little affected persons.
All persons involved require basic IT security knowledge.
This knowledge is an important basis for detecting and eliminating of poten‐
tial IT security vulnerabilities and deficiencies.
6.1 Recommendations
● Minimize the device and system visibility in the network
● Do not directly connect devices and systems to the internet
● Provide a firewall for devices, systems and networks and disconnect the
devices, systems and networks from the office network
● If remote maintenance is required, use authorized safe methods, e.g.
VPN Note that the access can only be as safe as the device and the
settings for the user
● Remove or disable all known default accesses and user accounts and
rename them
● If possible, use available account blocking policies to minimize the risk
of brute force attacks
● Implement the rules, forcing the use of strong passwords
● Monitor and protocol the setup of access to administrative level by third
parties
● If possible, disable all unused hardware interface
● Provide all required measures and rules, guaranteeing fast recommis‐
sioning after an incident.


Sources
7 Sources
7.1 References
● NORM VDI/VDE 2182
● NORM ISO/IEC 27000
● NORM BS/IEC 62443
● VDI guideline: "10 questions and answers about IT security in industrial
automation"
● Industrial Network Security; Eric D. Knapp; ISBN-10: 1597496456
7.2 Further links

● Bosch Product Security Incident Response Team(PSIRT), refer to
https://psirt.bosch.com/
● Rexroth safety information, see
www.boschrexroth.com/en/xc/products/product-support/security-infor‐
mation/security-information
● Bundesamt für Sicherheit in der Informationstechnik (Federal Office for
Information Security), see:
– https://www.bsi.bund.de/EN/Home/home_node.html
– https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grund‐
schutz/International/bsi-it-gs-comp-2019.html
● Verein Deutscher Ingenieure (Association of German Engineers), spe‐
cialist field 5: "Industrial information technology", technical committee
"Security", refer to https://www.vdi.de/en/home
● The citizen CERT is a product of the Bundesamtes für Sicherheit in der
Informationstechnik (Federal Office for Information Security), warning
citizens and small enterprises quickly and competently about viruses,
worms and other security vulnerabilities, refer to
https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-
Verbraucher/verbraucherinnen-und-verbraucher_node.html
● ICS-CERT warns about security vulnerabilities in IT systems, refer to
https://www.cisa.gov/uscert/security-publications
● Information about ctrlX CORE for Security configuration according to
IEC 62443-4-2, refer to Rexroth media directory


Index
Index
A Network infrastructure components............... 13
About this documentation..................................... 1 Telnet server.................................................. 12
ACLs............................................................... 3, 39 TFTP server................................................... 12
Device properties IndaDrive
B More information............................................ 11
Best practices..................................................... 41 Device properties IndraDrive
FTP server..................................................... 11
C Network infrastructure components............... 11
Telnet server.................................................. 10
Complaints............................................................ 5
Device properties PRC 7000
Controls with operating systems from
FTP server..................................................... 13
VxWorks 6.9.......................................................... 9
Network infrastructure components............... 14
Criticism................................................................ 5
SFTP server................................................... 13
ctrlX CORE.......................................................... 40
SSH server..................................................... 13
Customer Feedback.............................................. 5
Device properties PSI 6000 / PST 6000
FTP server..................................................... 13
D Network infrastructure components............... 13
Default Windows ports........................................ 31 Device properties Sercans
Device port overview Debug access................................................ 12
Device (IndraControl VH21) with Win‐ SFTP server................................................... 12
dows Embedded compact 7........................... 34 SSH server..................................................... 12
Devices (IndraControl VCH 05.1) with Device properties SLc Ethernet gateway
Windows CE 6.0............................................ 36 FTP server..................................................... 12
Devices (IndraControl VCH 08.1) with Network infrastructure components............... 12
Windows CE 5.0............................................ 35 Telnet server.................................................. 12
Devices (IndraControl VCP*.2) wtih Win‐ Device properties with operating system
dows CE 5.0................................................... 35 VxWorks 6.3
Devices (IndraControl VE*) with Windows Debug access.................................................. 9
7 Embedded Standard 32 and 64 bit............. 32 FTP server....................................................... 9
Devices (IndraControl VE*) with Windows More information:............................................. 9
CE.................................................................. 35 Network infrastructure components................. 9
Devices (IndraControl VE*) with Windows Telnet server.................................................... 9
Embedded compact 7.................................... 35 Device properties with operating system
Devices (IndraControl VE*) with Windows VxWorks 6.9
XP embedded 32 bit...................................... 34 Debug access.................................................. 9
Devices (IndraControl VP*) with Windows FTP server..................................................... 10
7 Embedded Standard 32 and 64 bit............. 32 MLPI / MLPIS server...................................... 10
Devices (IndraControl VP*) with Windows Network infrastructure components............... 10
7 Embedded Ultimate 32 and 64 bit............... 32 SFTP server................................................... 10
Devices (IndraControl VP*) with Windows SSH server..................................................... 10
XP 32 bit........................................................ 33 Telnet server.................................................. 10
Devices (IndraControl VR21*) with Win‐ Devices port overview
dows Embedded compact 7........................... 33 Devices (IndraControl VP*) with Windows
Devices PR3x / PR4 (IndraControl 10 IoT Enterprise LTSB 64 bit........................ 32
VR3x / VR4) with Windows 10 IoT Enter‐ DHCP.................................................................... 3
prise LTSB 64 bit........................................... 33 Documentation
Devices PR21 with Linux Ubuntu core 16...... 36 Revision history................................................ 1
Device properties
Controls with operating system VxWorks
6.3.................................................................... 8
F
Feedback.............................................................. 5
Device properties ctrlX CORE
Firewalls.............................................................. 39
Network infrastructure components............... 14
Further links........................................................ 43
SSH server..................................................... 14
Device properties frequency converter EFC
FTP server..................................................... 12 G
More information............................................ 13 Glossary................................................................ 3
Index
I Port lists.............................................................. 15
ICS........................................................................ 3 PROFINET device.............................................. 38
Internet sources.................................................. 43 PROFINET device port list.................................. 38
IT security PROFINET Gateway device SLC-0-GPNT
Software......................................................... 36 port list................................................................ 26
IT security / possible measures
Using ctrlX CORE as VPN/firewall com‐ R
ponent............................................................ 40 RADIUS................................................................. 3
IT security/Network configuration........................ 39 Ransom ware...................................................... 31
IT security/possible measure.............................. 39 Recommendations.............................................. 41
IT security/possible measures............................ 39 References.......................................................... 43
Concept of separation.................................... 39
Physical measures......................................... 39 S
Service measures by third parties.................. 39 SafeLogic compact
Use of firewalls............................................... 39 Device properties SLc Ethernet gateway....... 12
Using ACLs.................................................... 39 Safety vs. IT security............................................. 6
IT security/software Security guideline.................................................. 6
WebConnector, WebComposer..................... 36 ctrlX CORE apps............................................ 38
WinStudio....................................................... 37 Default Windows ports................................... 31
IT-Security Device (IndraControl VH21) with Win‐
ctrlX CORE apps............................................ 38 dows Embedded compact 7........................... 34
IT-Security / Software Device properties......................................... 8, 9
Modbus TCP.................................................. 38 Device properties ctrlX CORE....................... 14
PROFINET device......................................... 38 Device properties frequency converter
EFC................................................................ 12
K Device properties IndraDrive......................... 10
Krypto trojans...................................................... 31 Device properties PRC 7000......................... 13
Device properties PSI 6000 / PST 6000........ 13
M Device properties Sercans............................. 12
Modbus TCP....................................................... 38 Devices (IndraControl VCH 05.1) with
Modbus TCP port list.......................................... 38 Windows CE 6.0............................................ 36
Devices (IndraControl VCH 08.1) with
N Windows CE 5.0............................................ 35
Network configuration......................................... 39 Devices (IndraControl VCP*.2) wtih Win‐
dows CE 5.0................................................... 35
P Devices (IndraControl VE*) with Windows
7 Embedded Standard 32 and 64 bit............. 32
Port list CML10, CML20, CML40, CML65
Devices (IndraControl VE*) with Windows
(with MLC 04VRS),CMP40, CMP60, CMP70..... 15
CE.................................................................. 35
Port list CML25, CML45, CML65, HCQ
micro (MTX)........................................................ 17
Embedded compact 7.................................... 35
Port list CML75, CML85, XM2*, VPx*
up to including firmware 14V16...................... 19
XP embedded 32 bit...................................... 34
Port list CML75, CML85, XM2*, XM4*, VPx*
Devices (IndraControl VP*) with Windows
from firmware 14V18...................................... 21
7 Embedded Standard 32 and 64 bit....... 32, 33
Port list ctrlX CORE............................................. 23
Port list devic PSI / PST 6000............................. 28
7 Embedded Ultimate 32 and 64 bit............... 32
Port list device ctrlX DRIVE................................ 25
Port list device PRC 7000................................... 29
10 IoT Enterprise LTSB 64 bit........................ 32
Port list Device Sercans...................................... 27
Port list Device Sercos Gateway SLC-3-
XP, Windows 7, Win 10................................. 30
GS3S.................................................................. 26
Devices (IndraControl VR21*) with Win‐
Port list frequency converter EFC with Multi
dows Embedded compact 7........................... 33
Ethernet Platform(MEP)...................................... 27
Devices IndraControl VP*, VE*, VEP*,
Port list of the IndraDrive devices (with/with‐
VCH*, VR*...................................................... 30
out MLD)............................................................. 24
Port list WebConnector....................................... 37
Port list WinStudio............................................... 37
Index
Devices PR3x / PR4 (IndraControl

VR3x / VR4*) with Windows 10 IoT En‐
terprise LTSB 64 bit....................................... 33
Devices PR21 with Linux Ubuntu core 16 ..... 36
Differentiating between IT security and
Safety............................................................... 6
Final remark................................................... 41
Further links................................................... 43
Guideline structure........................................... 5
Introduction...................................................... 5
IT basic protection............................................ 6
Overview security support................................ 7
Port lists......................................................... 15
Possible measures......................................... 39
Purpose of this guideline.................................. 5
Recommendations:........................................ 41
References..................................................... 43
SafeLogic compact........................................ 12
Security-relevant product description............... 7
Software......................................................... 36
Sources.......................................................... 43
System drive (ctrlX DRIVE)............................ 11
System drive (IndraDrive with and with‐
out MLD)........................................................ 10
Systems MTX, XLC and MLC.......................... 8
Security Guideline
Possible measures......................................... 40
Security manual
Known vulnerabilities....................................... 6
Separation of networks....................................... 39
Sources............................................................... 43
Suggestions.......................................................... 5
System drive
IndraDrive with and without MLD................... 10
Systems MTX, XLC and MLC
VxWorks........................................................... 8
T
Third parties........................................................ 39
V
VPN/firewall component...................................... 40
W
WebConnector port list....................................... 37
Windows 7.......................................................... 30
Windows systems............................................... 30
Windows XP........................................................ 30
WinStudio............................................................ 37
Bosch Rexroth AG
Bgm.-Dr.-Nebel-Str. 2
97816 Lohr a.Main
Germany
Tel. +49 9352 18 0
Fax +49 9352 18 8400
www.boschrexroth.com/electrics
*R911342562*
R911342562
DOK-IWORKS-SECURITY***-PR11-EN-P

Security Guideline Electric Drive and Controls: Project Planning Manual R911342562

Uploaded by

Copyright:

Available Formats

Security Guideline Electric Drive and Controls: Project Planning Manual R911342562

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Security Guideline Electric Drive and Controls: Project Planning Manual R911342562

Uploaded by

Copyright:

Available Formats

Security Guideline

Project Planning Manual Edition 11

Title Security Guideline

Type of Documentation Project Planning Manual

Document Typecode DOK-IWORKS-SECURITY***-PR11-EN-P

Internal File Reference RS-b5f38972e046f0990a6846a5005c4277-11-en-US-3

Revision history Edition 11, 2023-02

1 About this documentation.............................................................................................. 1

4 Security-relevant product description............................................................................. 7

R911342562_Edition 11 Bosch Rexroth AG

Bosch Rexroth AG R911342562_Edition 11

About this documentation

1 About this documentation

Edition Release date Note

R911342562_Edition 11 Bosch Rexroth AG

About this documentation

Edition Release date Note

Tab. 1-1: Revision history

Bosch Rexroth AG R911342562_Edition 11

R911342562_Edition 11 Bosch Rexroth AG

UDP User datagram protocol

Bosch Rexroth AG R911342562_Edition 11

Operating systems and machines requires the implementation of

The directive VDI 2182 is used as basis for this approach.

3.1 Purpose of this guideline

3.1.1 Customer feedback

3.2 Guideline structure

R911342562_Edition 11 Bosch Rexroth AG

The conclusion provides information about the general specifications about

3.2.1 Differentiating between "IT security" and "Safety"

Protection of humans and environment. Protection from humans and environ‐

3.3 IT basic protection

3.4 Known vulnerabilities

Bosch Rexroth AG R911342562_Edition 11

Security-relevant product description

4 Security-relevant product description

WARNING Operating Bosch Rexroth products in net‐

4.1 Overview security support

Device CML10 CML75 VE* XC* Kxx02 XCD SLC-3-CPUx

R911342562_Edition 11 Bosch Rexroth AG

Security-relevant product description

Device EFC PSI 6000 VP* XM2* VE*

4.2 Systems MTX, XLC and MLC

4.3 Device properties – controls with operating system VxWorks

Bosch Rexroth AG R911342562_Edition 11

Security-relevant product description

In particular, take the field buses into consideration which implicit‐

4.4 Device properties – Controls with operating systems from

R911342562_Edition 11 Bosch Rexroth AG

Security-relevant product description

In particular, take the field buses into consideration which implicit‐

4.5 System drive (IndraDrive with and without MLD)

4.5.1 Device properties IndraDrive

Bosch Rexroth AG R911342562_Edition 11

Security-relevant product description

In particular, take the field buses into consideration which implicit‐

4.6 System drive (ctrlX DRIVE)

4.6.1 ctrlX DRIVE device properties

R911342562_Edition 11 Bosch Rexroth AG

4.13.3 Port list CML75, CML85, XM2, VPx

4.13.4 Port list CML75, CML85, XM2, XM4, VPx*