cancel
Showing results for 
Search instead for 
Did you mean: 
SOLVED

ctrlX CORE -> OPC UA server app potentially not compatible with WinStudio OPC UA client.

ctrlX CORE -> OPC UA server app potentially not compatible with WinStudio OPC UA client.

CodeWasi
Occasional Contributor

The note may be interessting to those of  you who wonder .... why a OPC UA setup with a updated device_admin is not working anymore,
                                                                                              .... why the UaExpert testclient is responding unexpeted with ... badhostUnknown
                                                                                               .... why WinStudio OPC UA client is not appropreate anymore to get access to the ctrlX.

At the beginning of ctrlX ( device_admin <=250) unsecure connection/request had been accepted by that ctrlX- device_app. Access to data had been provided and security_features had not been focused on. Nowadays the security token restriction had been implemented inside the device_admin ignoring unsecure requests at all. -> Without securitytoken no answer. (Bad communication .... )

According to that - either fullfill the requirement and get answers or the speak unsecure and do not receive any reply.
Hence, e.g. OPC UA server app needs to talk in a secure manner toward device_admin...which is provide in the updated app.

In addition the communication of the WinStudio located OPC UA client and (ctrlX CORE placed )OPC UA server is not fullfilling the security standards regarding the security-politics. the client does not talk the "security-languages" the server offers.
Unfortunatly the client security features are not update-able yet. Unsecure communication inbetween both OPC UA is only feasible which is not acceptable in many cases. 
Further info available:
https://www.unified-automation.com/news/news-details/article/user-authentication-token-exploit.html
https://apps.opcfoundation.org/ProfileReporting/index.htm?ModifyProfile.aspx?ProfileID=45f01bb8-4a15...

In case the WinStudioHMI is supposed to ignore that security standards - WinStudio can be most likely enabled to get permission to the datalayer-data by operating with a modified OPC UA server app. That needs to be checked/tested and judged seperately and in dialog with the corresponding R&D colleagues/application.

11 REPLIES 11

CodeShepherd
Community Moderator
Community Moderator

Release of the new WinStudio with 256bit encryption is planned in Indraworks 15V08 in July of this year.

Usalas
Long-established Member

I am trying 15V10 without much luck. any suggestions will be appreciated

 

CodeShepherd
Community Moderator
Community Moderator

Please check the system clocks from your ctrlX CORE and your HMI or engineering PC. They have to be the same for correct security checks.

Also with WinStudio included in IW 15V10 is still a bug in the certification tool. You would need the actual IW15V12 with WinStudio runtime 7.4 SP2 on the HMI PC.

At last please beware that the name of the HMI PC has to be insert in the certificate.

CodeShepherd_0-1618988471995.png

 

Usalas
Long-established Member

Thanks. that was it. Now its working

Which version you used to make this work?

CodeShepherd
Community Moderator
Community Moderator

IW15V12 with WinStudio runtime 7.4 SP2 on the HMI PC

ctrlX OPCUA Server 1.8.2 on the ctrlX CORE

EDIT: IW15V10.P1 on the Engineering PC.

CodeWasi
Occasional Contributor

And there is no alternative IW-Suite version - covering the WinStudio runtime 7.4 SP2 - available so far.

(Runtime functionality needs to dock/correspond to the Engineering-tool--functionality). 

You can use an IndraWorks 15V10.P1 on your engineering PC to connect to the latest Winstudio runtime 7.4 SP2 on a target (e.g. VR21).

Here is some help how to establish connection between ctrlX Core and VR21XX HMI panel.

Peter_B
Community Moderator
Community Moderator

Update:

If you use WinStudio from IW15V16P1 you can communicate with a VR21. Due to the fact, that there are some files missing in the OS of the VR21, you have to choose OPC_UA communication without Security. This you have also to define inside the ctrlx:

Peter_B_0-1669199893846.png

 

I refer to the actual ctrlx Version (1.16.0)

Peter

 

Icon--AD-black-48x48Icon--address-consumer-data-black-48x48Icon--appointment-black-48x48Icon--back-left-black-48x48Icon--calendar-black-48x48Icon--center-alignedIcon--Checkbox-checkIcon--clock-black-48x48Icon--close-black-48x48Icon--compare-black-48x48Icon--confirmation-black-48x48Icon--dealer-details-black-48x48Icon--delete-black-48x48Icon--delivery-black-48x48Icon--down-black-48x48Icon--download-black-48x48Ic-OverlayAlertIcon--externallink-black-48x48Icon-Filledforward-right_adjustedIcon--grid-view-black-48x48IC_gd_Check-Circle170821_Icons_Community170823_Bosch_Icons170823_Bosch_Icons170821_Icons_CommunityIC-logout170821_Icons_Community170825_Bosch_Icons170821_Icons_CommunityIC-shopping-cart2170821_Icons_CommunityIC-upIC_UserIcon--imageIcon--info-i-black-48x48Icon--left-alignedIcon--Less-minimize-black-48x48Icon-FilledIcon--List-Check-grennIcon--List-Check-blackIcon--List-Cross-blackIcon--list-view-mobile-black-48x48Icon--list-view-black-48x48Icon--More-Maximize-black-48x48Icon--my-product-black-48x48Icon--newsletter-black-48x48Icon--payment-black-48x48Icon--print-black-48x48Icon--promotion-black-48x48Icon--registration-black-48x48Icon--Reset-black-48x48Icon--right-alignedshare-circle1Icon--share-black-48x48Icon--shopping-bag-black-48x48Icon-shopping-cartIcon--start-play-black-48x48Icon--store-locator-black-48x48Ic-OverlayAlertIcon--summary-black-48x48tumblrIcon-FilledvineIc-OverlayAlertwhishlist