Ucp CP v18 Manual en-US

Control Panel V18
Overview of functions 1
System Properties 2
3
SIMATIC HMI Runtime Properties
Networks and Internet 4

Unified Comfort Panels
Control Panel V18 5
Security
External Devices and Input 6

Operating Manual
Language, Region and
Formats 7
Service and Commissioning 8
Apps 9
Appendix A
11/2022
UCP Image V18.0.0.x
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent
damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert
symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are
graded according to the degree of danger.
DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION
indicates that minor personal injury can result if proper precautions are not taken.
NOTICE
indicates that property damage can result if proper precautions are not taken.
If more than one degree of danger is present, the warning notice representing the highest degree of danger will
be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to
property damage.
Qualified Personnel
The product/system described in this documentation may be operated only by personnel qualified for the specific
task in accordance with the relevant documentation, in particular its warning notices and safety instructions.
Qualified personnel are those who, based on their training and experience, are capable of identifying risks and
avoiding potential hazards when working with these products/systems.
Proper use of Siemens products
Note the following:
WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant technical
documentation. If products and components from other manufacturers are used, these must be recommended
or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and
maintenance are required to ensure that the products operate safely and without any problems. The permissible
ambient conditions must be complied with. The information in the relevant documentation must be observed.
Trademarks
All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication
may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software
described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the
information in this publication is reviewed regularly and any necessary corrections are included in subsequent
editions.
Siemens AG Copyright © Siemens AG 2022.

Digital Industries Ⓟ 11/2022 Subject to change All rights reserved
Postfach 48 48
90026 NÜRNBERG
GERMANY
Table of contents
1 Overview of functions ........................................................................................................................... 5

2 System Properties .................................................................................................................................. 7
2.1 Panel information ................................................................................................................ 7
2.2 Display ................................................................................................................................ 8
2.3 Screensaver ......................................................................................................................... 9
2.4 Update OS ......................................................................................................................... 10
2.5 Reboot............................................................................................................................... 12
2.6 Performance ...................................................................................................................... 13
2.7 Taskbar.............................................................................................................................. 14
2.8 Event Logger ..................................................................................................................... 15
3 Runtime Properties .............................................................................................................................. 17
3.1 Project information ............................................................................................................ 17
3.2 Automatic runtime start ..................................................................................................... 17
3.3 Alarm buffer ...................................................................................................................... 18
3.4 Web client ......................................................................................................................... 19
3.5 Load project from storage .................................................................................................. 20
4 Networks and Internet......................................................................................................................... 23
4.1 Network settings ............................................................................................................... 23
4.1.1 Overview ........................................................................................................................... 23
4.1.2 PN-X1 ................................................................................................................................ 24
4.1.3 PN-X2 ................................................................................................................................ 25
4.1.4 General ............................................................................................................................. 27
4.2 Remote connection ............................................................................................................ 27
4.3 Network drive .................................................................................................................... 29
5 Security ................................................................................................................................................ 33
5.1 User management ............................................................................................................. 33
5.2 Certificates ........................................................................................................................ 42
5.3 Control panel access .......................................................................................................... 45
5.4 UMAC settings ................................................................................................................... 47
6 External Devices and Input .................................................................................................................. 49
6.1 Hardware interfaces........................................................................................................... 49
7 Language, Region and Formats ........................................................................................................... 50
7.1 Date and time .................................................................................................................... 50
Control Panel V18

Operating Manual, 11/2022, UCP Image V18.0.0.x 3
Table of contents
8 Service and Commissioning ................................................................................................................ 52

8.1 Transfer ............................................................................................................................. 52
8.2 Update OS ......................................................................................................................... 53
8.3 Backup .............................................................................................................................. 55
8.4 Automatic backup.............................................................................................................. 57
8.5 Restore .............................................................................................................................. 62
8.6 Trace forwarder ................................................................................................................. 63
9 Apps ..................................................................................................................................................... 65
9.1 SIMATIC Apps .................................................................................................................... 66
9.2 Add-ons............................................................................................................................. 69
9.3 App Management .............................................................................................................. 72
A Appendix ............................................................................................................................................. 73
A.1 Industrial Security .............................................................................................................. 73
A.2 Notes on operation ............................................................................................................ 74
A.3 Web access to the HMI device ............................................................................................ 74
A.4 Resetting an HMI device to factory settings via ProSave ...................................................... 80
A.5 Using the maintenance mode ............................................................................................ 81
Control Panel V18

4 Operating Manual, 11/2022, UCP Image V18.0.0.x
Overview of functions 1
The table below shows the icons of the Control Panel and provides links to the corresponding
function descriptions in the appropriate sections.
Icon Name Assigned functions

- Open the main window of the Control Panel
Start Runtime Start project on the HMI device

See also "Automatic runtime start (Page 17)"
System Properties Panel information (Page 7)
Display (Page 8)
Screensaver (Page 9)
Update OS (Page 10)
Reboot (Page 12)
Performance (Page 13)
Taskbar (Page 14)
Event Logger (Page 15)
Runtime Properties Project information (Page 17)
Automatic runtime start (Page 17)
Alarm buffer (Page 18)
Web client (Page 19)
Load project from storage (Page 20)
Network and Internet Network settings (Page 23)
Remote connection (Page 27)
Network drive (Page 29)
Security User management (Page 33)
Certificates (Page 42)
Control panel access (Page 45)
UMAC settings (Page 47)
External Devices and Input Hardware interfaces (Page 49)
Language, Region and Formats Date and time (Page 50)
Service and Commissioning Transfer (Page 52)

Update OS (Page 10)
Backup (Page 55)
Automatic backup (Page 57)
Restore (Page 62)
Trace forwarder (Page 63)
Apps Apps (Page 65)
Control Panel V18

Overview of functions
Some settings, such as interface parameters, runtime settings, settings for remote access or
user management, can be configured in WinCC and loaded to the HMI device. After loading,
you can adjust the settings as needed in the Control Panel of the HMI device.
Control Panel V18

System Properties 2
2.1 Panel information
Under "Panel information" you will find information specific to your HMI device, which you
will need, for example, if you contact Technical Support.
Properties
The following figure shows an example. Variable display values are shown with the wildcard
character "#" or between angle brackets "<>".
• "Device type": HMI device type designation

• "Article number": Article number of the HMI device
• "Serial number": HMI device serial number
• "Firmware/Image version": Version of the firmware and operating system.
• "Runtime version": Version of the runtime software located on the HMI device
• "Bootloader version": Version of the bootloader
• "Bootloader release date": Bootloader release date
• "PN-X1 MAC address": MAC address of the HMI device interface X1
• "PN-X2 MAC address": MAC address of the HMI device interface X2
Control Panel V18

System Properties
2.2 Display
2.2 Display
Under "Display" you define the display orientation and the display brightness via the intensity
of the backlight.
NOTICE
Backlight reduction
The brightness of the backlight decreases with increasing service life.
To avoid shortening the service life of the backlight unnecessarily, reduce the backlight.
Orientation
• "0° (Landscape)" (default setting): Select this option for HMI devices that have been
installed and configured in landscape format.
• "90° (Portrait)": Select this option for HMI devices that have been installed and configured
in portrait format.
Note
Display orientation and Runtime project
The display orientation in the Control Panel should match the display orientation of the HMI
device in the WinCC configuration. After switching the orientation in the Control Panel, adjust
the configuration and reload the project into the HMI device.
The display orientation in the Control Panel should only be switched if no runtime project is
running on the HMI device.
If you switch the display orientation while a Runtime project is running on the HMI device,
the project may not be displayed correctly on the HMI device display after switching. To
display the project correctly, restart the Runtime software or the HMI device.
Brightness
Set the desired display brightness using the slider.

Value range: 10 to 100%. Default setting: 70%
The display brightness can also be set within the value range via the configuration.
Control Panel V18

System Properties
2.3 Screensaver
2.3 Screensaver
Under "Screensaver" you define the time until the automatic activation of the screensaver and
the brightness of the backlight when the screensaver is active.
NOTICE
Activating the screensaver
If an image is displayed on the screen for long time, its outline may remain dimly visible on
the display.
This effect is reversible when you use a screensaver.
General Settings
• "Enable screensaver": Select this option to activate the screensaver.

Default setting: "deactivated".
• "Wait time": Time to activate the screensaver, value range 1 to 120 minutes. Default
setting is "1 min."
The screensaver is automatically activated if the HMI device is not operated within the
specified period of time.
Brightness of screensaver
Use the slider to set the desired display brightness of the screensaver, value range 0 to 100%.
Default setting is "30 %".
To deactivate the screensaver, tap the touch screen briefly. For safety reasons, this touch is
not evaluated as an operator action. Therefore, no unintentional functions can be triggered.
The screensaver is also deactivated when the HMI device is accessed remotely, for example,
via SmartClient or the configuration PC.
Control Panel V18

System Properties
2.4 Update OS
2.4 Update OS
The firmware and operating system version of the HMI device must be compatible with the
firmware and operating system version of the installed WinCC software. If this is not the case,
then you must update the operating system.
Use "Update OS" to update the operating system of the HMI device. The operating system is
contained in several firmware files. The master file has the extension ".fwf". The number of
additional files varies; these files have the file name of the master file and a sequential
number (".0", ".1", ".2", etc.) as an extension.
The "Update OS" function is available under both "System Properties" and "Service and
Commissioning".
NOTICE
Updating the operating system deletes data on the HMI device
Project, parameter sets and user administration will be deleted when you update the
operating system on the HMI device.
Before updating the operating system, backup the data on the HMI device, if necessary.
All settings, except the following settings which you changed in the Control Panel before
updating the operating system, are retained even after the update of the operating system:
• The external interfaces become activated again (default setting), see section "Network
settings (Page 23)".
• The time zone is reset to the default setting "(UTC) Coordinated Universal Time", see
section "Date and time (Page 50)".
• The credentials for connected network drives must be entered again, see section
"Network drive (Page 29)".
NOTICE
Automatic backup and updating the operating system
When the "Automatic backup" function is activated while the operating system is being
updated, the HMI device may not start up again correctly.
If you want to update the operating system of the HMI device and have activated the
"Automatic backup" function, follow these steps:
1. Deactivate the "Automatic backup" function.
2. Update the operating system.
3. Activate the "Automatic backup" function.
Leave the system memory card in the HMI device before and during the entire update.
Control Panel V18

System Properties
2.4 Update OS
Use a SIMATIC SD memory card with 32 GB or more or an industrial USB flash drive to load
the firmware.
Firmware files for the HMI devices can be downloaded from the Internet
(https://support.industry.siemens.com/cs/ww/en/view/109746530). Observe the
documentation included with the download.
Note
Do not rename firmware files
If you change the name of the firmware files, the operating system can no longer be updated
with these firmware files. The firmware files become unusable. Leave the name of the
firmware files unchanged.
Note
Copy firmware files completely
If you copy the firmware files, be sure to also copy the master file ".fwf" together with all
associated firmware files (".0", ".1", ".2", etc.).
If one of the files is missing, the operating system cannot be loaded.
Alternatively to the "Update OS" function in the Control Panel, you can use the "Update OS"
function in WinCC.
Panel Information
• "Device type": HMI device type designation.

• "Image version": Version of the firmware and operating system.
Select storage media for OS update
Use the selection list to select the storage medium on which the firmware file is located.
Control Panel V18

System Properties
2.5 Reboot
Firmware files on external storage
• The list shows all firmware files that can be loaded into the HMI device.
Select the desired firmware master file (.fwf) from the list.
• "Update OS": Button for starting the loading process.
The HMI device restarts after the "Update OS" button is pressed. The loading process then
begins.
A dialog with a progress bar is displayed on the HMI device for each firmware file.
The HMI device is restarted again after the completion of the loading process.
The main window of the Control Panel is displayed after the restart. The operating system
on the HMI device is updated.
2.5 Reboot
You can restart the HMI device manually under "Reboot". The restart can be carried out
normally or in maintenance mode.
In the following cases the HMI device is automatically restarted after confirmation:
• You have made changes to the PN-X1 interface under "Ethernet parameters Port 1" or
"Ethernet parameters Port 2", see section "PN-X1 (Page 24)".
• You have made changes under "General network settings", see section "General
(Page 27)".
• You have switched the "Enable alarm buffer" option, see section "Alarm buffer (Page 18)".
A manual restart of the HMI device is required in the following case:
• You have changed the interface parameters under "Media redundancy" in the
configuration and loaded the project to the HMI device again.
Control Panel V18

System Properties
2.6 Performance
NOTICE
Data loss
All volatile data is lost with a restart.
Make sure that no project is running on the HMI device and no data is being written to the
flash memory.
Reboot panel
"Reboot panel": Button for a simple restart of the HMI device ("soft reboot").
Reboot in maintenance mode
"Reboot in maintenance mode": Button for a restart in maintenance mode. The restart in
maintenance mode is required to reset the HMI device to factory settings.
The HMI device restarts after the "Reboot in maintenance mode" button is pressed. The
"Maintenance Mode" dialog box is displayed for a period of 10 minutes. In this period you can
connect the HMI device to a configuration PC and reset the HMI device to factory settings
with the ProSave software.
See also
Resetting an HMI device to factory settings via ProSave (Page 80)
2.6 Performance
Under "Performance" you can activate the monitoring of the internal flash memory.
Flash Memory Monitoring Section
"Show Alarm if life of flash memory is reducing fast": Option to activate flash memory
monitoring. The default setting is "activated".
Control Panel V18

System Properties
2.7 Taskbar
If the option is activated, the state of the flash memory is checked cyclically. If the cyclical
check results in a high load on the flash memory, the message "Flash memory life time
reducing fast" is displayed regularly.
• "Monitoring Setings": Button for opening the "Performance" settings in the Control Panel.
Press the button, note the cause specified under "Source" and contact the corresponding
administrator or project engineer.
• "OK": Button for acknowledging the alarm.
Last alarm
• "Alarm": Display panel with the last alarm that was displayed about the status of the flash
memory.
• "Source": Display field with information on the cause of the last alarm. Pass this
information on to the administrator or project engineer, who can change the settings in
the corresponding app or the configuration of the HMI device so that the "Flash memory
life time reducing fast" alarm no longer appears.
• "Reset alarm": Button for deactivating the regularly occurring "Flash memory life time
reducing fast" alarm. The button can only be operated by users with the "Control Panel
Administrator" authorization. After pressing the button, the "Flash memory life time
reducing fast" alarm is only displayed again when the next cyclic check results in a high
load on the flash memory.
2.7 Taskbar
Under "Taskbar", you specify whether the taskbar is displayed on the HMI device and at which
position.
General Settings
"Enable taskbar": Option to enable or disable the taskbar. The default setting is "enabled".
Control Panel V18

System Properties
2.8 Event Logger
Position of taskbar
"Position on screen": Drop-down list to specify the position of the taskbar on the display. The
drop-down list is only active when the "Enable taskbar" option is selected.
Selection options:
• "Bottom": The taskbar is displayed at the very bottom on the display.
• "Top": The taskbar is displayed at the very top on the display.
• "Left": The taskbar is displayed at the very left on the display.
• "Right": The taskbar is displayed at the very right on the display.
Default setting is "Bottom".
2.8 Event Logger

The "Event Logger" function gives you the option of recording complete runtime operating
scenarios on a storage medium.
The recorded data includes all "tracing" information, screen contents, screen changes and
operator actions. The recorded data can be used, for example, to analyze the cause of errors
by the Technical Support.
General Settings
• "Enable Event logger": Option to enable or disable the "Event Logger" function. The default
setting is "deactivated".
• "Storage Medium": Storage medium on which the recorded data is saved (USB storage
medium or SD card).
Control Panel V18

System Properties
2.8 Event Logger
Starting and stopping the recording

1. Connect an external storage medium to the HMI device.
Note
The external storage medium must be connected to the HMI device before the "Event
Logger" function is enabled.
2. Select the storage medium for the recording under "Storage Medium".
3. Select the "Enable Event logger" option.
A message informs the user that a restart of the Runtime is required.
4. If a project is still running on the HMI device, close Runtime.
5. Start Runtime. The following data is included in the recording:
– All "tracing" information
– All screen contents and screen changes
– All operator actions
The recorded data is stored encrypted in a file in the root directory of the storage medium.
Syntax for the file name of a recording: "telemetry_<date>_<time>_<id>"
– <date>: Date in the format "yyyymmdd" (year, month, day)
– <time>: Time in the format "hhmmss" (hour, minute, second)
– <id>: Unique number for the recording
Depending on the amount of data recorded, a recording can be comprised of multiple
files.
Recording is ended if the storage space on the storage medium is insufficient for the
recording. Make sure that enough free storage space is present on the storage medium.
6. To stop the recording, clear the "Enable Event logger" option.
Switching to another storage medium

If multiple storage media are connected to the HMI device and you want to continue
recording on a different storage medium, proceed as follows:
1. Clear the "Enable Event logger" option.
2. Select another storage medium under "Storage Medium".
3. Select the "Enable Event logger" option.
4. Start Runtime.
See also
Trace forwarder (Page 63)
Control Panel V18

Runtime Properties 3
3.1 Project information
Under "Project information" you can view the project-specific information that uniquely
identify the project on the HMI device.
Project information
• "Name": Name of the project is equivalent to the name of the project in WinCC (TIA
Portal).
• "Device name": Automatically generated name of the runtime project on the HMI device.
• "Project ID": Unique identification of the runtime project is equivalent to the "Runtime ID"
of the project in WinCC (TIA Portal).
3.2 Automatic runtime start

Under "Automatic runtime start" you define whether the project on the HMI device starts
automatically or not after a defined delay time.
Automatic runtime start
"Waiting time(s)": Drop-down list for determining whether the project on the HMI device
starts automatically after a specified delay time or not.
Control Panel V18

Runtime Properties
3.3 Alarm buffer
Selection options:
• "0": The project is started directly after the operating system.
• "15" to "60": The project starts after a delay time of 15 to 60 seconds. During the delay
time, the dialog "Runtime Start" is displayed with a countdown and the following buttons:
– "Cancel": The dialog is closed, Runtime does not start.
– "Skip": The delay time is skipped, Runtime is started.
• "no automatic runtime start" (default setting): The project is not started automatically, but
via the "Start Runtime" button in the Control Panel.
Starting Runtime
While Runtime starts on the HMI device, the dialog box "Runtime Start" is displayed with an
initialization message. The Control Panel cannot be operated while Runtime is starting.
Note
Once the project has started, you have the following options to open the Control Panel:
• Via the taskbar.
• Via an operating element for which the "ShowControlPanel" or "StopRuntime" function has
been configured.
3.3 Alarm buffer

Under "Alarm buffer" you can activate or deactivate the retentive alarm buffer. The default
Note
Back up data before deactivating the retentivity
When you deactivate the retentivity of the alarm buffer and still need the data in the alarm
buffer, back up this data before deactivating the retentivity in a log.
Alarm buffer configuration
• "Storage media": Selection list for defining the storage medium for the retentive alarm
buffer. Selection options:
– "Internal Memory": Alarms are written to the internal flash memory.
Control Panel V18

Runtime Properties
3.4 Web client
• "Enable alarm buffer": Option to enable or disable the retentive alarm buffer. The default
When the retentivity of the alarm buffer is activated, the retentive alarm data is backed up
every two seconds to the selected storage medium. With a high number of alarms, the
storage medium is subject to an equally high number of read and write cycles.
If the retentivity of the alarm buffer is deactivated, the alarm buffer is emptied and the
retentive alarm data is no longer backed up to the selected storage medium. This means
the storage medium is used less with a high number of alarms.
Switching the "Enable alarm buffer" option requires a restart, the "Enable alarm buffer" dialog
is displayed. Restart the system using the "OK" button.
See also
Reboot (Page 12)
3.4 Web client

Under "Web client", you can enable web-based client access to the runtime project. Operator
control in runtime via a client is asynchronous, that is, the display content of the server does
not change while the client is operating in runtime.
Web client configuration
• "Enable web access to runtime": Option to enable web access to the runtime project.
Web access to the runtime project

When web access is enabled, you can access the runtime project via a browser, see section
"Web access to the HMI device (Page 74)".
For more information on remote access via "Web client", refer to the TIA information system
under: "Visualizing processes (RT Unified) > Configuring remote access > Web client".
Control Panel V18

Runtime Properties
3.5 Load project from storage

Under "Load project from storage", you can load into the HMI device a project that was
backed up on an external storage medium in WinCC (TIA Portal).
You generate the necessary project data in WinCC by configuring the HMI device and then
using drag-and-drop to move the folder of the HMI device (e.g. "HMI_1 [<DeviceType>]") to
an external storage medium ( icon) under "Card Reader/USB memory".
Recommendation: The Runtime and firmware versions of the project should match those of
the HMI device.
Select storage media for project transfer
Select the storage medium on which the backed-up project is stored.
Projects on external storage
• The list includes all projects that are located on the external storage medium.
• "Show details": Button for displaying additional information on a selected project.
• "Load project": Button for loading the selected project.
Control Panel V18

Runtime Properties
Displaying details and checking compatibility

If you have selected a project you can use the "Show details" button to display more
information about the selected project and check whether the project can be loaded into the
HMI device.
• "Name": Name of the project.

• "Device": Name of the HMI device in the project.
• "RT Version": Runtime version of the project.
• "Project path": Path of the project on the external storage medium.
• "Project ID": Unique identification of the runtime project is equivalent to the "Runtime ID"
of the project in WinCC (TIA Portal).
• "Date created": Date on which the project in WinCC (TIA Portal) was saved to a storage
medium.
• "Size": Size of the project on the storage medium.
• "Compatibility": A message about the compatibility of the project and the HMI device is
displayed in this output field. Depending on the degree of compatibility, the message is
highlighted in color.
The following messages can be displayed in the "Compatibility" output field:
• The message "Compatible": Project and HMI device are compatible, the project can be
loaded without any problem.
• Messages of the "Warning" type highlighted in orange: Firmware and/or runtime version
of project and HMI device differ. The versions are compatible, an "Upgrade" or
"Downgrade" is optional. The project can be loaded.
• Messages of the "Error" type highlighted in red: The project cannot be loaded for one of
the following reasons.
– Project and device type are incompatible, i.e. the project was created for a different
device type. To load the project, replace the device in WinCC.
– Firmware and/or Runtime version of project and HMI device are incompatible, an
"Upgrade" or "Downgrade" is required. To load the project, update the operating
system of the HMI device.
You can find information on updating the operating system at the end of this section and
under "See also".
Control Panel V18

Runtime Properties
Load project
The "Load preview" dialog is displayed via the "Load project" button.
• Under "Keep actual values of the following objects", you specify whether the process
values of the following objects are to be retained:
– "Screen objects and tags": Option for keeping the process values of screen objects and
tags on the HMI device.
– "User administration data": Option for keeping the user management on the HMI
device.
Under "Reset logging and alarm events", you specify whether data in logs and alarm
events are to be deleted:
– "All logging activities": Option for deleting all logs and alarm events.
The "Encrypted project transfer" area is displayed when encrypted transfer is enabled for
the selected project. In this case, enter the password that was set in WinCC for the
encrypted transfer.
• The "Load" button loads the project into the HMI device, taking the selected settings into
account.
After the loading process, you can start the project via the "Start Runtime" function on the
HMI device.
Activation of the options that are currently grayed out is envisaged in a later firmware
version.
See also
Update OS (Page 10)
Control Panel V18

Networks and Internet 4
4.1 Network settings
4.1.1 Overview
Under "Network settings", you change settings for the network and for the network interfaces
X1 and X2. Both interfaces support PROFINET basic services.
The following buttons take you to the corresponding settings.
• "PN-X1": Settings for X1 interface (Page 24)

• "PN-X2": Settings for X2 interface (Page 25)
• "General": General settings (Page 27)
The settings under "Network settings" are retained after a restart or update of the operating
system.
In the following cases, the settings under "Network settings" are not retained:
• If the HMI device is reset to factory settings, all settings will be reset to their default
values.
• When a project with changed network settings is loaded to the HMI device, the values
from the project are applied.
Control Panel V18

Networks and Internet
4.1.2 PN-X1
Under "PN-X1" you define the parameters for the X1 interface and both X1P1 and X1P2
connections.
PROFINET
• "Device name": PROFINET name of the interface may not contain any spaces and must be
unique in the local network.
• "Converted name": Display field with the PROFINET name of the interface, contains the
entry under "Device name", automatically converted according to PROFINET naming
conventions.
• "MAC address": Display field with the MAC address of X1 interface of the HMI device.
IP address
• "Specify an IP address": Option to manually assign the IP address.

• "IP address": IP address of X1 interface for the X1P1 and X1P2 ports. The IP address must
be unique in the local network. If this is not the case, the IP address of the HMI device is
automatically set to the value "0.0.0.0". The IP addresses of X1 and X2 interfaces must be
located in different subnets.
• "Subnet mask": Subnet mask for the IP address of X1 interface.
• "Default gateway": IP address of the gateway (router) if several different local networks
are used.
• "Set IP address": Button for saving the specified IP address parameters.
Control Panel V18

Ethernet parameters Port 1, Ethernet Parameters Port 2
• "Activate this port for use": Option to activate or deactivate the X1P1 or X1P2 ports. The
default setting is "Activated".
• "Mode and speed": List for selecting the transmission type and transmission rate for the
interface; selection options: "Automatic" (default setting) or "100Mbps / FDX" (100 Mbps,
full-duplex). Use the default setting "Automatic" preferably.
• "Boundaries":
– "End of detection of accessible nodes": DCP frames for detecting accessible nodes are
not forwarded. Nodes located beyond this interface are no longer accessible.
– "End of topology discovery": LLDP frames for topology discovery are not forwarded.
Changes under "Ethernet parameters Port 1" and "Ethernet parameters Port 2" require a
restart, the "PROFINET Port Settings" dialog box is displayed. Restart the system using the
"Restart" button.
4.1.3 PN-X2
Under "PN-X2" you define the parameters for the X2 interface.
PROFINET
• "Device name": PROFINET name of the interface may not contain any spaces and must be
unique in the local network.
• "Converted name": Display field with the PROFINET name of the interface, contains the
entry under "Device name", automatically converted according to PROFINET naming
conventions.
• "MAC address": Display field with the MAC address of X2 interface of the HMI device.
Control Panel V18

IP address
• "Obtain an IP address via DHCP" (default setting): Option to automatically assign the IP
address via the DHCP server.
• "Specify an IP address": Option to manually assign the IP address.
• "IP address": IP address of the X2 interface. The IP address must be unique in the local
network. The IP addresses of X2 and X1 interfaces must be located in different subnets.
• "Subnet mask": Subnet mask for the IP address of X2 interface.
• "Default gateway": IP address of the gateway (router) if several different local networks
are used.
• "Set IP address": Button for saving the specified IP address parameters.
Note
When you select the option "Specify an IP address via DHCP", this setting is not overwritten
when the project is loaded. When you select the option "Specifiy an IP address", you can also
configure the network address in the WinCC device configuration and load it to the HMI
device together with the project.
Ethernet parameters Port
• "Activate this port for use": Option to enable or disable the port. The default setting is
"Activated".
• "Mode and speed": List for selecting the transmission type and transmission rate for the
port.
Selection options:
– "Automatic" (default setting)
– "10Mbps / HDX" (10 Mbps, half duplex)
– "10Mbps / FDX" (10 Mbps, full duplex)
– "100Mbps / HDX" (100 Mbps, half duplex)
– "100Mbps / FDX" (100 Mbps, full duplex)
Use the default setting "Automatic" preferably.
Control Panel V18

4.2 Remote connection
Name servers
• "Primary DNS": Address of the DNS server.

• "Secondary DNS": Address of the secondary DNS server.
If you have activated the "Obtain an IP address via DHCP" option under "IP adress", the
specifications under "Name servers"are optional.
4.1.4 General
You define the general network parameters under "General" .
General network settings
• "Enable simple network management protocol (SNMP)": Option to enable or disable the
Simple Network Management Protocol for data transmission. The default setting is
"enabled".
Note
Disabling this option increases the information security because less information is
exchanged with other devices in the network.

Change the settings for remote access to the HMI device under "Remote connection". You can
define two passwords for remote access, for example, a password for the "Operate" right and
a password for the "Monitor" right. Operator control in the Control Panel or in runtime is
synchronous, that is, the display content of the server changes at the same time as the
display content of the client.
Change the settings under "Remote connection" only if no client is connected to the
SmartServer, because changing the settings disconnects all client connections.
Control Panel V18

Smart Server
"Enable Smart Server": Option to activate or deactivate the SmartServer on the HMI device.
The default setting is "deactivated". This option can only be activated if two different
passwords have been set under "Users".
If the SmartServer is started on an HMI device, you can access the HMI device via the
SmartClient application or a VNC client, such as Tigervnc. Depending on the settings under
"Users", the client can operate or monitor the server device.
Note
Depending on the bandwidth of the connection and the number of connected clients, the
performance on the clients may be different than the performance on the SmartServer.
Each client that connects to the SmartServer and operates or monitors the runtime project,
uses resources on the SmartServer device. For high performance and low consumption of
resources, you should have as few clients as possible connected to the SmartServer at the
same time.
Users
In this area you define the passwords and access rights for two users. The passwords of the
two users must not be identical. Several users can access the SmartServer simultaneously via
one password.
• "Password for user1": First password for access to the HMI device. Default setting: "empty".
– "User1 is allowed to remote control the panel": Option to activate the "Operate" right
for a user who logs in with password 1. The default setting is "deactivated".
• "Password for user2": Second password for access to the HMI device. The password must
be different from the "Password for user1". Default setting: "empty".
– "User2 is allowed to remote control the panel": Option to activate the "Operate" right
for a user who logs in with password 2. The default setting is "deactivated".
Password guidelines for the SmartServer

The passwords under "Users" must have a length of exactly 8 characters and include the
following characters:
• At least one capital letter (A - Z)
• At least one lowercase letter (a - z)
• At least one number (0 - 9)
• At least one special character (! $ % & ( ) * + , - . / : ; < = > ? @ [ \ ] _ { | } ~ ^)
Control Panel V18

4.3 Network drive
Communication
• "Secure communication via self-signed certificate": Option to enable secure

communications via SSL encryption. Default setting: "activated".
Client access is only possible if the client application supports SSL encryption.
For access via the SmartClient application, this option must be cleared.
• "Port Configuration"
– "Automatic" (default setting): Option to enable automatic port assignment. The default
value "5900" for the port number remains unchanged.
– "Manual": Option to enable manual port assignment.
• "Port for access from desktop application": Port number for access via the SmartClient
application. Default value is "5900".
4.3 Network drive

Under "Network drive", you manage a network drive that can be accessed by the HMI device.
The network drive must be on a server PC in the subnet of the HMI device and be enabled for
access. The operating system of the server PC must support the network protocol SMB 3.0.
You can use a network drive only for the data exchange between the server PC and HMI
device.
This means that a network drive cannot for example, be used for the following functions:
• Updating, backing up and restoring the operating system
• Transferring a project
• Importing user management from a file or exporting it to a file
• Runtime functions, for example, logging or reporting
• Importing certificates
Control Panel V18

4.3 Network drive
Network Drive
• The following buttons with the following functions are located above the list:
– "Add": Add network drive
The "Add" button is disabled as soon as a network drive is entered in the list.
– "Edit": Edit the properties of a network drive
– "Remove": Disconnect network drive
– "Refresh": Refresh the status of the network drive
The entries in the "Status" column are displayed for about 60 seconds. By using the
"Refresh" function you import the latest status information again.
• The following properties of the network drive are displayed in the list:
– "Network Path": Path of the network drive
– "User Name": User name used to connect to the network drive
– "Local Path": Local path for accessing the network drive, for example, "/net/mount"
– "Status": Information on the connection status of the network drive, see paragraph
"Status alarms" at the end of the section.
Note
"Reboot" and "Update OS"
The network drive remains in the list after a restart of the HMI device.
When updating the operating system, the entries under "Network Path" are retained, the
credentials "Username" and "Password" must be entered again for security reasons.
Control Panel V18

4.3 Network drive
Add network drive

1. Press "Add" to open the "Network Drive Parameters" dialog.
The maximum permissible number of characters in the three input fields is 255.
The input fields "Network Path" and "Username" are mandatory fields; the following
characters are permitted in these input fields:
– Capital letters (A - Z)
– Lowercase letters (a - z)
– Numbers (0 - 9)
– Special characters (_ . -)
The special character / is permitted for the input field "Network Path".
The special character \ is permitted for the input field "Username".
The input field "Password" does not have any character restrictions.
2. Under "Network Path", enter the path to an enabled network drive in the subnet of the HMI
device.
Syntax: "//<IP address of the server PC>/<Enable name of the network drive>"
Example: "//169.254.139.190/mounttest"
Always use the IP address; specification of the computer name is not supported.
3. Under "Username" and "Password", enter the credentials of a user who has access to the
network drive.
Use the following button to make the password visible for the display duration of the
dialog:
4. Confirm your entries with "OK".

The "Network Drive Parameters" dialog box closes.
When the connection was set up successfully, the "Connected" information is displayed in the
"Status" column of the "Network Drive" list.
When the connection could not be set up, the "Failed" information is displayed under "Status".
In this case, check the connection to the server PC and the enable properties of the network
drive.
Control Panel V18

4.3 Network drive
Status messages
The following table shows the status messages, their meaning and the possible remedy in
case of errors.
Status message Meaning Remedy

Connecting The connection to the -
network drive is being
established.
Connected The network drive was -
successfully connected.
No such file or The path specified under Make sure that the specified network path
directory "Network Path" does not exist. exists and check the spelling in the input field
"Network Path".
Authentication failed The credentials are incorrect. Make sure that the specified user has access to
the network drive. Check the spelling in the
input fields "Username" and "Password".
Input/Output error Unable to connect the Check the connection between PC and HMI
network drive. device.
Establish the connection to the network drive
again.
Timeout There are synchronization Check the connection between PC and HMI
problems with the added device.
network drive. Try to connect the network again with "Edit"
and "OK".
Control Panel V18

Security 5
5.1 User management
A convenient user management is available to you under "User management". The user
management is configured in WinCC, transferred to the HMI device and managed on the HMI
device.
Web access is also available for user management, see "Web access to the HMI device
(Page 74)". Note that the functions for RFID assignment are not available via web access.
Note
Important information on the configuration and project transfer
• If you do not assign a user a role or a role and no function right in the configuration, the
user or the role is not loaded to the device.
In WinCC, configure all roles required on the HMI device with all function rights required
on the HMI device. Assign each role required on the HMI device to at least one user.
• To transfer the user management from WinCC to the HMI device, the option "Keep current
user management data in runtime" must be disabled in the "Load preview" dialog during
project transfer .
You can find detailed information on the configuration in the TIA information system under
"Visualizing processes (RT Unified) > Configuring users and roles (RT Unified)".
The complete user list is only visible and editable for users who have been assigned the "User
management" function right in the configuration.
Users with other function rights see their own entry in the user list and should only use the
buttons in the "Current user" area.
When password protection is enabled for the Control Panel, only users with the "Control
Panel access" function right can access the Control Panel.
The password guidelines are specified during configuration. The function rights of a user are
valid for the Control Panel as well as for the runtime software.
Current user
• "Logged in user": Displays the login name of the user currently logged in. If no user is
logged in yet, then "No User logged in" is displayed.
Control Panel V18

Security
5.1 User management
• "Change password": Button to change the password for the user currently logged in. After
pressing the button, the "Change password" dialog is displayed.
Enter the previous password once and the new password twice. The following button can
be used to make the passwords visible for the display duration of the dialog box:
• "Change user": Button for changing the current user.

"Login": Button for logging in a user.
After pressing the button, the "User Login" dialog is displayed.
Enter the desired login name with the associated password and log in using the "Login"
button.
Note
Number of login attempts
The number of login attempts is 19. After 19 failed attempts, the user involved is locked
out on the next attempt. The user must be deleted and recreated, or you must reload the
User Management into the HMI device.
Ensure you enter the login credentials correctly.
Alternatively, you can log in via an RFID card if your user has been assigned an RFID login.
Hold the RFID card just in front of the RFID reader and input your PIN if required.
Control Panel V18

Security
5.1 User management
Users
• The following buttons with the following functions are located above the user list:
Create a new user.
Edit data of the user currently selected in the list.
Delete the user currently selected in the list.
Assign an RFID login to the user currently selected in the list. 1
Delete the RFID assignment for the user currently selected in the list. 1
Import complete user management from a ".json" file on an external storage medium. 2
Note: Import completely overwrites the user management on the HMI device.
Export complete user management to a ".json" file on an external storage medium. 2
1 Only use this button if you have the "User management" function rights.
2 For importing and exporting the user management, the "User management" function right is
required; the "Importing and exporting users" function right, which can be configured in WinCC,
is not required.
• The user list displays the users available on the HMI device with the following user
characteristics:
– "Name": Login name of the user.
– "Role": Roles assigned to the user.
– "Maximum session timeout": This value indicates the number of minutes after which
the user is automatically logged off if they no longer perform any operator action.
Value range: 0 to 600 minutes (0 = automatic logout disabled).
– "RFID": Information whether the user has been assigned an RFID card. "YES" means:
RFID card assigned.
– "PIN": Information whether a PIN has been assigned to the user for the RFID login. "YES"
means: PIN assigned.
– "Comment": Comment text for the user.
Control Panel V18

Security
5.1 User management
Note
You cannot edit or delete yourself as a user.
To ensure that at least one user with the "User management" function right remains on the
HMI device, users cannot edit or delete themselves. A second user with the "User
management" function right is required for this purpose.
Note
Maximum session timeout
In the Engineering System, you can configure a maximum session duration for a role as well
as for a user. If these values differ, only the smaller of the two values is transferred to the
Panel during loading.
Creating or editing users

The editing functions are only available for users who have been assigned the "User
management" function right in the configuration.
Use the following button to create a new user:
With the following button you edit the data of a user:
After pressing one of the two buttons, the dialog "Add user" or the dialog "Edit user" is
displayed. Both dialog boxes are identical in content.
The following figure shows an example of the "Edit user" dialog box.
Control Panel V18

Security
5.1 User management
• "Login user name": Display field with the login name of the user.
• "Role": Drop-down list for assigning the user to one or more roles. The roles are defined in
the WinCC project for the HMI device and assigned the corresponding function rights.
The following system-defined roles are always transferred to the HMI device:
Role designation Authorization in the Control Panel Authorization in Runtime

HMI Operator - Web access, Operate, Monitor
HMI Monitor - Web access, Monitor
HMI Monitor Client - Web access, monitoring without
influencing the processes in the
controller
HMI Administrator User management, Import and export Remote access, Monitor, Operate,
users, Control panel access Web access
The drop-down list also contains the configured roles that were transferred from the
WinCC project to the HMI device.
Note
The HMI role "HMI Monitor Client" is superior to all other roles and their function rights. A
user to whom the role "HMI Monitor Client" is assigned gets the function rights of only
that role. Any superior function rights of other roles that are assigned to the user will be
lost.
You can find detailed information on users, roles and function rights in the TIA Portal
Information System.
• "Password": Text box for the password of the user. If you do not enter anything, the user's
existing password remains unchanged.
• "Confirm password": Text box for confirming the password.
• "Maximum session timeout": This value indicates the number of minutes after which the
user is automatically logged off if they no longer perform any operator action.
Value range: 0 to 600 minutes (0 = automatic logout disabled).
• "Enable authentication via RFID card": Option to enable the RFID login for the user.
• "PIN required for authentication with RFID card": Option for activating 2-factor
authentication with PIN for RFID login.
• "PIN": Text box for the PIN. Only digits are allowed, the maximum length is 6 digits.
• "Comment": Note on changing the user.
• "Edit user" or "Add user" Button for saving the user.
• "Cancel": Button for discarding the changes.
Control Panel V18

Security
5.1 User management
Peculiarities with RFID login

Take into consideration the following notes in conjunction with the RFID login:
• The RFID login only works with an RFID reader that is directly connected to the HMI device.
• The RFID login only works for the local user management.
• You can use the RFID login both in Control Panel as well as in Runtime.
• The RFID assignments remain in place even after the operating system has been updated,
provided that the currently existing users are transferred to the HMI device when the
project is loaded.
RFID assignment in the "Add new user" dialog

1. Ensure that you are logged in as a user with the "User management" function rights in the
Control Panel.
2. Press the "Create user" button.
3. Enter a user name under "Login user name".

4. Under "Role", select the desired authorizations for the user from the list.
5. Enter the password for the user login under "Password" and "Confirm password".
6. If necessary, change the value under "Maximum session timeout".
7. Select the "Enable authentication via RFID card" option.
8. To use the RFID login without a PIN, leave the "PIN required for authentication with RFID
card" option disabled.
For 2-factor authentication, enable the "PIN required for authentication with RFID card"
option and enter a code with 1 to 6 digits under "PIN".
9. Select "OK". The following dialog is displayed:
10.Select "OK". The "OK" button is shown with a colored background.
11.Take an RFID card that is not yet assigned to a user.
Control Panel V18

Security
5.1 User management
12.Hold the RFID card in front of the RFID reader until the following dialog is displayed:
13.Remove the RFID card from the reader and select "OK".
A new user has been created and an RFID login has been assigned to the user. The user can
log in by holding their RFID card briefly in front of the RFID reader.
Change the RFID assignment using the "Edit user" dialog

To change the RFID assignment of a user from the user list, follow the steps below:
Control Panel.
2. Select a user in the user list.
3. Press the "Edit user" button.
4. Enable or disable the "Enable authentication via RFID card" option.

5. If you have enabled the "Enable authentication via RFID card" option and want to use the
RFID login without a PIN, leave the "PIN required for authentication with RFID card" option
disabled. For 2-factor authentication, enable the "PIN required for authentication with RFID
card" option and enter a code with 1 to 6 digits under "PIN".
Note
Changing the PIN
You can also use the "PIN" text box to change the existing PIN of the user.
6. Select "Edit user". The following dialog is displayed:
7. Select "OK". The "OK" button is shown with a colored background.
Control Panel V18

Security
5.1 User management
8. If the user has not yet been assigned an RFID login, take an RFID card that has not yet been
assigned to a user.
If the user has already been assigned an RFID login, take the previous RFID card of this
user.
9. Hold the RFID card in front of the RFID reader until the following dialog is displayed:
10.Remove the RFID card from the reader and select "OK".
The RFID assignment of the user has been changed.
The "Assign RFID login" button

You can also use the "Assign RFID login" button for the RFID assignment. The button only
works for users who have not yet been assigned an RFID login.
Proceed as follows:
Control Panel.
2. Select a user in the user list to whom an RFID login has not yet been assigned.
3. Press the "Assign RFID login" button.
The "RFID assignment" dialog is displayed.
4. To use the RFID login without a PIN, leave the "PIN" text box blank.
For 2-factor authentication, enter a code with 1 to 6 digits under "PIN".
5. Select "OK". The "OK" button is shown with a colored background.
6. Take an RFID card that is not yet assigned to a user.
Control Panel V18

Security
5.1 User management
7. Hold the RFID card in front of the RFID reader until the following dialog is displayed:
8. Select "OK".
The RFID login has been assigned to the user. The user can log in by holding their RFID card
briefly in front of the RFID reader.
The "Delete RFID assignment" button

You can also use the "Delete RFID login" button to remove the RFID assignment. The button
only works for users to whom an RFID login has been assigned.
Proceed as follows:
Control Panel.
2. Select a user in the user list to whom an RFID login has been assigned.
3. Press the "Delete RFID assignment" button.
The "Disable authentication via RFID card" dialog box is displayed.
4. Select "OK".
The user can no longer log in with the RFID card.
Control Panel V18

Security
5.2 Certificates
5.2 Certificates
You can use this function to import, display and delete certificates and certificate revocation
lists.
A digital certificate consists of structured data, which confirms ownership and other
properties of a public key.
When handling certificates, note the information on Industrial Security (Page 73).
Certificates on the device
• "Certifcate store": Drop-down list for the following certificate categories:

– "Certificate Authorities": Trusted root certificate authorities and intermediate certificate
authorities.
– "My Certificates": Certificates of HMI device applications, mostly server certificates,
such as OPC UA server.
– "Other Certificates": Self-signed end entity certificates and trusted end entity
certificates.
– "Certificate Revocation Lists" for certificate revocation lists.
• The certificate list displays the certificates of the selected category.
If you select an entry in the list, then the "Certificate details" for certificates or the
"CRL details" for certificate revocation lists are displayed below the list.
• "Revoke": Button to mark a certificate as not trustworthy. This function is only available in
the "Other Certificates" certificate category.
"Trust": Button to mark a certificate as trustworthy. This function is only available in the
"Other Certificates" certificate category.
Control Panel V18

Security
5.2 Certificates
• "Import": Button for importing one or more certificates from a data storage medium.
Note
Supported file formats for certificates
The import function supports certificate files of type ".enc", ".der", ".crl" and ".pem".
Files of type ".enc" are exported from the "WinCC Unified Certificate Manager" and contain
a collection of keys, certificates and CRLs.
If you want to import an individual cryptographic file, the supported formats for CER and
CRL files end in ".pem" and ".der". The individual file should have a CA certificate or a CRL
with extension ".der", ".crl" or ".pem".
The "Import certificate" dialog is displayed after the "Import" button has been pressed.
Select the storage medium and certificate file and import the certificate file using the
"Import" button.
When you import an encrypted certificate with the ".enc" file extension, enter the
following additional data:
– "Password": The encryption password that was specified when the certificate was
generated.
– "Iteration": The iteration count that was specified when the certificate was created.
• "Delete": Button to delete the currently selected certificate in the certificate list.
Note
The selected certificate is deleted immediately without prompt.
Control Panel V18

Security
5.2 Certificates
Certificate details
• "Certificate name": Name of the certificate.

• "Status": Status of the certificate on the HMI device ("Trusted" or "Revoked"). This display
field is only available in the certificate category "Other Certificates".
• "Thumbprint": Character string to prove the authenticity of the certificate.
• "Valid from": Start of the validity of the certificate.
• "Valid to": End of the validity of the certificate.
• "Issued to": Recipient of the certificate.
• "Issued by": Issuer of the certificate.
CRL details
• "CRL name": Designation of the certificate revocation list.

• "Issuer": Issuer of the certificate revocation list.
• "CRL number": Consecutive version number of the certificate revocation list.
Control Panel V18

Security
5.3 Control panel access
• "Last update": Time of creation of this certificate revocation list.

• "Next update": Time of creation of the next certificate revocation list.
• "Thumbprint": Character string to prove the authenticity of the certificate revocation list.
• "CRL count": Number of entries in the certificate revocation list.

Under "Control panel access" you can protect access with a password on the Control Panel.
Only users who have been assigned the "Control Panel access" function right in the
configuration can change the password protection.
Control panel access
• "Enable password protection for control panel": Option to enable password protection for
the Control Panel.
The password protection can only be activated or deactivated by users who have been
assigned the "Control Panel access" function right in the configuration.
If you are not yet logged in as a user with the "Control Panel access" function right and
enable the option "Enable password protection for control panel", the "Access to control
panel is restricted" dialog is displayed.
Log in as a user with the "Control Panel access" function right to activate the password
protection for the Control Panel. Use the following button to make the password visible
for the display duration of the dialog:
Control Panel V18

Security
Note
Number of login attempts
The number of login attempts is 19. After 19 failed attempts, the user involved is locked
out on the next attempt. The user must be deleted and recreated, or you must reload the
User Management into the HMI device.
Ensure you enter the login credentials correctly.
Alternatively, you can log in via an RFID card if an RFID card has been assigned to your
user. Hold the RFID card just in front of the RFID reader and input your PIN if required.
Note
Password protection of the Control Panel and project transfer
When access to the Control Panel is protected, you must ensure that the user
management has been configured correctly in the TIA Portal before transferring a project
again. This means:
• A user with "Control Panel access" right has been configured.
• When central user management is being used, all data for accessing the UMC server
has been entered correctly.
Recommendation:
• Before loading again, disable the "Enable password protection for control panel"
option.
• After loading, verify that the user with "Control Panel access" right can log in. If this is
not the case, correct the configuration of the user management.
• Enable the "Enable password protection for control panel" option again.
If you are logged in as a user with the "Control Panel access" functional right, the "Access to
control panel is restricted" dialog is no longer displayed when accessing the Control Panel.
If you are not logged in or do not have the "Control Panel access" function right, the "Access
to control panel is restricted" dialog is displayed when accessing the Control Panel.
Access to the Control Panel can be triggered directly in the Control Panel or via a system
function of the Runtime software.
Control Panel V18

Security
5.4 UMAC settings
5.4 UMAC settings

Under "UMAC settings", you can see whether local or central user management is used on the
HMI device.
The local or central user management is configured in WinCC and transferred to the HMI with
the download.
Note
You can only switch between local and central user management in WinCC.
When loading the central user management, all local users on the HMI device are deleted.
The RFID assignment can only be used in conjunction with the local user management.
Configuration of user management
• "Use local user management (users stored on this device)": Information that local user
management is used. The data in this window cannot be edited; the users are managed
locally under "Security" > "User management".
• "Use central user management (users taken from server)": Information that central user
management is used. The connection settings are configured in WinCC and transferred to
the device during loading. The settings on the HMI device can be adjusted, if required.
Control Panel V18

Security
5.4 UMAC settings
Meaning of the connection settings for central user management:

• "Server address": IP address or device name of the UMC server.
• "Server-ID": Unique string for identification of the UMC server. You can enter the server ID
manually or have it determined automatically during connection setup.
• "Generate address of identitiy provider automatically": Option for automatic generation of
the address of the ID provider on the UMC server. The default setting is "enabled". Disable
this option if you do not want to use the UMC server but a different server as ID provider.
This may be necessary when using a server farm, for example.
• "Address of identity provider": Address of the ID provider either generated automatically
via the option "Generate address of identitiy provider automatically" or entered manually,
if necessary.
• "Connection status": Connection status to the UMC server, possible values:
– <empty>: The connection to the UMC server has not been tested yet.
– "Connected": The connection to the UMC server has been established and tested.
– "Not connected" - <error message>: There is no connection to the UMC server. The
<error message> provides information about the possible cause.
– "Connection not possible" - <error message>: The connection to the UMC server could
not be set up. The <error message> provides information about the possible cause.
• "Check connection": Button to check the connection to the UMC server.
• "Connect to server": Button to set up the connection to the UMC server.
• "Reset configuration": Button to delete the connection settings.
Establishing a connection to the central user management

When all connection settings have been configured correctly and transferred with the project
to the HMI device, the HMI device is automatically connected to the central user
management. No value is specified under "Connection status" because the connection has
not been checked yet. Press the "Check connection" button to check the connection.
When the central user management has not been configured completely or is incorrect, you
can adjust the settings on the HMI device. Press the "Connect to Server" button to connect the
device to the central user management.
When the connection was set up successfully, the "Connected" information is displayed under
"Connection status". The "Connect to server" button turns into "Check connection".
More information is available in the TIA information system under "Visualizing processes
(RT Unified) > Configuring users and roles (RT Unified)".
Control Panel V18

External Devices and Input 6
6.1 Hardware interfaces
Under "Hardware interfaces", change the settings for accessing the storage media interfaces.
You can deactivate one or more interfaces to protect the HMI device from unauthorized
external access.
The system memory card interface cannot be deactivated.
Data memory card slot
• "Activate data memory card slot": Option to enable or disable the interface for the data
memory card. The default setting is "Activated".
Activate USB ports
• "X61": Option to activate or deactivate the USB port X61.

Default setting for all USB ports is "activated".
Control Panel V18

Language, Region and Formats 7
7.1 Date and time
Under "Date and time", set the date, time, and time zone for the HMI device manually or via a
time server on the network.
NOTICE
Setting the date and time correctly
When the date and time are not set correctly, malfunctions may occur in the plant. To
prevent malfunctions, set the date and time of the HMI device and all controllers connected
to the HMI device to the correct values or use an NTP server for time synchronization. Check
the correct settings for date and time after every update of the operating system.
NOTICE
Time synchronization required for time-dependent reactions
A malfunction may occur in the plant if the date and time are not synchronized and time-
dependent reactions are triggered in the plant via the HMI device. To avoid malfunctions,
use automatic time synchronization via one or more NTP servers.
Date and time
• "Date": Display field with the current date.

• "Current Time": Display field with the current clock time.
Control Panel V18

Language, Region and Formats
7.1 Date and time
• "Time zone": Selection list for the desired time zone.
Note
Automatic daylight saving/standard time switchover
If you select a time zone in which there is a switchover between daylight saving and
standard time, the switchover takes place automatically on the relevant date.
• "Set date and time manually" (default setting): Option for manual time setting on the HMI
device. If you select this option, the following list is displayed below the options:
Set the day, month, year and time by scrolling the respective list column so that the
desired date and time are displayed in the framed line in the middle of the list. The "Set
Date and Time" button is used to save the setting.
• "Synchronize time with a NTP (Network Time Protocol) server": Option for automatic time
synchronization via an NTP server. If you select this option, the following parameters for
specifying time synchronization via NTP servers are displayed below the options:
Enter the desired synchronization interval under "Update rate", value range 10 to 86400
seconds (1 day). After the input, the value is rounded to the nearest power of two based
on the internal format.
Add at least one and a maximum of four NTP servers using the "Add Server" button.
Specify the IP address for each NTP server and make sure that the device is set up as an
NTP server.
Control Panel V18

Service and Commissioning 8
8.1 Transfer
Under "Transfer" you define whether and how data is transferred from a configuration PC to
the HMI device.
Transfer mode
• "Enable transfer": Option to enable or disable data transfer to the HMI device. The default
setting is "enabled".
If you disable the transfer, you protect the HMI device against unintended update of the
operating system and overwriting the project data.
Encrypted project transfer
• "Password": Password for the encrypted transfer of the project. The password must match
the password that was specified in the configuration under the runtime settings of the
HMI device.
To enter the password, tap the entry field.
• "Set Password": Button to save the password for the encrypted project transfer.
As an alternative, you can transfer the password unencrypted during the initial loading of the
project.
Control Panel V18

Service and Commissioning
8.2 Update OS
8.2 Update OS
The firmware and operating system version of the HMI device must be compatible with the
firmware and operating system version of the installed WinCC software. If this is not the case,
then you must update the operating system.
Use "Update OS" to update the operating system of the HMI device. The operating system is
contained in several firmware files. The master file has the extension ".fwf". The number of
The "Update OS" function is available under both "System Properties" and "Service and
Commissioning".
NOTICE
Updating the operating system deletes data on the HMI device
Project, parameter sets and user administration will be deleted when you update the
operating system on the HMI device.
Before updating the operating system, backup the data on the HMI device, if necessary.
All settings, except the following settings which you changed in the Control Panel before
updating the operating system, are retained even after the update of the operating system:
• The external interfaces become activated again (default setting), see section "Hardware
interfaces (Page 49)".
• The time zone is reset to the default setting "(UTC) Coordinated Universal Time", see
section "Date and time (Page 50)".
• The credentials for connected network drives must be entered again, see section
"Network drive (Page 29)".
NOTICE
Control Panel V18

8.2 Update OS
Use a SIMATIC SD memory card with 32 GB or more or an industrial USB flash drive to load
the firmware.
Firmware files for the HMI devices can be downloaded from the Internet
(https://support.industry.siemens.com/cs/ww/en/view/109746530). Observe the
documentation included with the download.
Note
Do not rename firmware files
If you change the name of the firmware files, the operating system can no longer be updated
with these firmware files. The firmware files become unusable. Leave the name of the
firmware files unchanged.
Note
Copy firmware files completely
If you copy the firmware files, be sure to also copy the master file ".fwf" together with all
associated firmware files (".0", ".1", ".2", etc.).
If one of the files is missing, the operating system cannot be loaded.
Alternatively to the "Update OS" function in the Control Panel, you can use the "Update OS"
function in WinCC.
Panel Information
• "Device type": HMI device type designation.

• "Image version": Version of the firmware and operating system.
Select storage media for OS update
Use the selection list to select the storage medium on which the firmware file is located.
Control Panel V18

8.3 Backup
Firmware files on external storage
• The list shows all firmware files that can be loaded into the HMI device.
Select the desired firmware master file (.fwf) from the list.
• "Update OS": Button for starting the loading process.
The HMI device restarts after the "Update OS" button is pressed. The loading process then
begins.
A dialog with a progress bar is displayed on the HMI device for each firmware file.
The HMI device is restarted again after the completion of the loading process.
The main window of the Control Panel is displayed after the restart. The operating system
on the HMI device is updated.
8.3 Backup
Under "Backup" you can back up the operating system, applications and data from the flash
memory of the HMI device to an external storage medium.
Use a SIMATIC SD memory card ≥ 32 GB or an industrial grade USB stick as storage medium.
Depending on the amount of data on the HMI device, a backup may require up to 20 GB of
memory. Make sure that the storage medium has sufficient free space. Recommendation: At
least 5 GB of free space on the storage medium.
Remote access to the HMI device is not possible during the backup process.
Do not turn off the HMI device during the backup process.
Select storage media
Select the storage medium on which you want to back up the data.
Control Panel V18

8.3 Backup
Complete backup file
• "File name": Name of the backup. Select a name that best identifies the backup.
A backup includes multiple files. The master file has the extension ".brf". The number of
• "Create backup": Button to start the backup process.
After the "Create backup" button has been pressed, the system checks whether a backup
with the name specified under "File name" already exists on the storage medium. If yes,
then a warning is displayed. Select "OK" to overwrite the backup or "Cancel" to specify a
different name for the backup.
The backup process starts with a restart of the HMI device, followed by the data backup.
During the data backup, a folder with the name of the backup is created in the root
directory of the selected storage medium. The backup files are saved in this folder. A
dialog with a progress bar is displayed for each backup file.
The HMI device is restarted again after the completion of the backup process.
The main window of the Control Panel is displayed after the restart.
The data of the HMI device are saved on the storage medium.
Note
Do not rename backup files on the data storage medium
If you change the name of the backup files on the data storage medium, these backup files
can no longer be loaded into the HMI device using the "Restore" function.
Leave the name of the backup files on the data storage medium unchanged.
Note
Copy backup files completely
If you copy the backup files, be sure to also copy the master file ".brf" together with all
associated backup files (".0", ".1", ".2", etc.).
If one of the files is missing, the backup cannot be loaded.
Control Panel V18

8.4 Automatic backup

Under "Automatic backup" you can activate or deactivate the "Automatic backup" function.
If the "Automatic backup" function is activated the data of the HMI device is automatically
backed up to the system memory card during operation in form of a backup including
firmware. The data on the system memory card are permanently synchronized with the data
of the HMI device. You can insert the system memory card into any HMI device of the same
type. After data is copied and a restart has been performed, the HMI device of the same type
is operational.
Note
Only use SIMATIC SD memory card ≥ 32 GB as system memory card
Only the SIMATIC SD memory card ≥ 32 GB is permitted for use as a system memory card.
Other memory cards are not recognized as system memory card by the HMI device.
Note
System memory card in a device of a different type
If you use the system memory card of an HMI device in an HMI device of a different type, an
error message is displayed.
When servicing, use a system memory card only in HMI devices of the same type.
NOTICE
Do not remove the system memory card for "automatic backup" during operation
If the "Automatic backup" function is activated, the system memory card may only be
removed when the HMI device is switched off.
NOTICE
In the delivery state of the device, the function "Automatic backup" is disabled.
The "System memory card plugged" dialog box is displayed as soon as you insert a memory
card into the system memory card slot. To go to the Control Panel, click "OK". There you can
activate a new system memory card or restore data from a prepared system memory card.
Control Panel V18

Automatic backup
• "Show notification if system card is plugged": Option to enable or disable the automatic
message "System memory card plugged".
• "Status": Status information on the system memory card in slot X50.
– "No system memory card inserted": There is no system memory card in slot X50.
– "System memory card is invalid": There is an unsupported or incorrectly formatted
system memory card in slot X50.
– "Backup on system memory card is not device compatible": The system memory card of
a non-identical HMI device or an HMI device with different HMI device image is located
in slot X50.
– "Ready for automatic backup": There is a correctly formatted SIMATIC SD memory card
in slot X50.
– "Starting automatic backup": Status message after pressing the button "Start", the
system memory card is being prepared.
– "Synchronizing data": Status message during preparation of the system memory card.
– "Automatic backup active": Status message when preparation of the system memory
card has been completed, the "Automatic backup" function was successfully activated.
– "Resetting system memory card": The system memory card is formatted.
• "Start": Button to activate the "Automatic backup" function.
• "Stop": Button to deactivate the "Automatic backup" function.
• "Reset card": Button for formatting the system memory card.
Use cases
We differentiate between the following use cases, depending on whether the system
memory card was previously used for automatic backup.
Control Panel V18

Activating automatic backup for an empty system memory card

1. Insert the SIMATIC SD memory card without automatically saved data into slot X50.
The "System memory card plugged" dialog box is displayed.
2. Press "OK".
The window "Service and Commissioning" > "Automatic backup" opens in the Control Panel.
"Ready for automatic backup" is displayed in the "Status" field.
3. Press the "Start" button.

The "Start automatic backup" dialog box is displayed.
4. Press "OK".
The status message "Starting automatic backup" is displayed. The system memory card is
being prepared.
Note
Do not remove the system memory card during the preparation.
If you remove the system memory card from the HMI device during the preparation, the
system memory card cannot be used for automatic backup. Leave the system memory
card in its slot during the preparation process.
Control Panel V18

The status message "Synchronizing data" is displayed during the preparation.
When the preparation is complete, the status message "Automatic backup active" is
displayed.
You have successfully activated the "Automatic backup" function.
Using automatic backup of a system memory card

If a system memory card already contains automatically backed-up data, the corresponding
backup must first be loaded. Automatic backup can then be continued.
1. Insert the SIMATIC SD memory card with automatically backed-up data in slot X50.
The "System memory card plugged" dialog box is displayed.
2. Press the "OK" button.

The window "Service and Commissioning" > "Restore" opens in the Control Panel.
Control Panel V18

3. Select a backup file and press the "Restore" button.

The following dialog box indicates that all data on the device will be overwritten.
4. Start the restore process via the "OK" button or cancel the process via the "Cancel" button.
The HMI device restarts after the "OK" button is pressed. The restore process then begins.
During the restore process, the "Automatic backup restore" dialog box is displayed with a
progress bar.
The HMI device is restarted again after the completion of the restore process.
After the data transfer, the state of the HMI device is the same as that of the HMI device used
to generate the automatic backup.
To continue the automatic backup on the HMI device, reactivate the "Automatic backup"
function under "Service and Commissioning" > "Automatic backup" in the Control Panel.
See also
Backup (Page 55)
Control Panel V18

8.5 Restore
8.5 Restore
Under "Restore", you can restore the backup of an HMI device from a storage medium.
Remote access to the HMI device is not possible during the restore process.
A restore operation deletes the flash memory of the HMI device on confirmation. The data
backed up on the storage medium is then transferred.
NOTICE
Data loss
All data on the HMI device, including the project and HMI device password, is deleted during
a restore operation. License keys are only deleted after a security prompt.
Back up your data before the restore operation, if necessary.
Select storage media
Select the storage medium on which the backed-up data is stored.
Backup files
• The list shows all backups that can be loaded to the HMI device.
Select the desired backup from the list.
Control Panel V18

8.6 Trace forwarder
• "Restore": Button to start the restore process.

The HMI device restarts after the "Restore" button is pressed. The restore process then
begins.
Do not switch off the HMI device during the restore process and do not disconnect the
data source from the HMI device.
During the restore process, a dialog with a progress bar is displayed for each backup file
loaded.
The HMI device is restarted again after the completion of the restore process.
The data from the storage medium is now restored on the HMI device.
Note
System behavior when the process is interrupted
If the restore process cannot be completed due to a power failure or an interrupted data
connection, for example, the HMI device starts in maintenance mode and the factory settings
must be restored.
8.6 Trace forwarder

You specify whether or not trace outputs are displayed and backed up on an external storage
medium under "Trace forwarder".
Trace forwarder
• "Enable Trace forwarder": Option to enable or disable the "tracing" service. The default
Enable "Tracing" for diagnostics and service purposes, e.g. to display trace outputs from
scripts. If you start the HMI device in maintenance mode, the "Tracing" function is
automatically enabled. You can find additional information in FAQ Entry 109777593 on
the Internet (https://support.industry.siemens.com/cs/ww/en/view/109777593).
Control Panel V18

8.6 Trace forwarder
• "Enable Trace logger": Option to back up "tracing" information on an external storage

medium. The default setting is "deactivated".
– "Storage Medium": Storage medium on which the "tracing" information is to be backed
up.
– "Select Path" (optional): Path to location where the "tracing" information is to be
backed up. The name of the path must begin with "/" and may contain only Latin
characters and none of the following special characters:
!#$%&()*+,:;<=>?@[]_{|}~^
Note
When the HMI device restarts, both options are disabled for security reasons.
See also
Event Logger (Page 15)
Control Panel V18

Apps 9
The following options are available for managing apps on the HMI device under "Apps":
• Start apps that were especially developed for SIMATIC under "SIMATIC Apps" or adjust
their settings.
• Start pre-installed apps under "Add-ons" or adjust their settings.
• Uninstall and start pre-installed apps via the "App management" under "Settings" or
change their settings.
The following figure shows an example of the delivery state of an HMI device.
To open an app, to change the settings of an app or to uninstall an app, select an entry under
the category "SIMATIC Apps", "Add-ons" or "Settings".
The entries under the categories are described in the following sections:
• SIMATIC Apps (Page 66)
• Add-ons (Page 69)
• Settings (Page 72)
Control Panel V18

Apps
9.1 SIMATIC Apps
Note
Best performance
Each app takes up a specific amount of work memory. The greater the number of apps and
tabs open in the "Web Browser" app, the smaller the amount of available work memory.
Note the following recommendations to achieve the best performance of your HMI device:
• Keep the number of apps that are open simultaneously as small as possible.
• Close any apps that you no longer need.
• If possible, open only one tab in the "Web Browser" app.
9.1 SIMATIC Apps

Under "SIMATIC Apps", you can find apps that were specifically developed for the SIMATIC
environment, such as "SIMATIC Edge" and "SIMATIC Extensions".
If the screen keyboard does not open automatically during data input on the web page of a
SIMATIC app, open the screen keyboard using the following icon in the taskbar.
SIMATIC Edge
• "Enable SIMATIC Edge": Option to enable or disable the Edge Management. The default
setting is "disabled". Observe section "Notes on operation (Page 74)".
Control Panel V18

Apps
9.1 SIMATIC Apps
• "Open edge management": Button to open the Edge Management web page in the "Web
Browser" app on the HMI device.
The first time you click the button, the "Activate Edge Device" dialog is displayed. In this
dialog you decide whether you want to use the local Edge Management or central Edge
Management in the future.
Select "Standalone" for local Edge Management or "Central Managed" for central Edge
Management IEM.
Under "Settings" you can make network settings for the Edge Management, if necessary.
Once you have decided whether you want to use the local Edge Management or central Edge
Management, the "Activate Edge Device" dialog is no longer displayed in the future.
The "Sign in" dialog is displayed for logging in to the Edge Management.
Log in to the Edge Management as a user with the required authorizations.

The Edge Management website is opened in the "Web Browser" app.
Alternatively, you can open "SIMATIC Edge" via web access, see "Web access to the HMI
device (Page 74)".
You can find detailed information about the Edge Management for Unified Comfort Panels in
the following document: Operating manual "Unified Comfort Panels Industrial Edge Device -
Operation" (https://support.industry.siemens.com/cs/ww/en/view/109804671)
Control Panel V18

Apps
9.1 SIMATIC Apps
SIMATIC Extensions
• "Enable SIMATIC Extensions": Option to enable or disable the SIMATIC Extensions. The
default setting is "disabled".
• "Open SIMATIC Extensions": Button for opening the SIMATIC Extensions in the "Web
Browser" app on the HMI device.
SIMATIC Extensions is a web-based application with which you can change in runtime the
configuration of the project running on a Unified Comfort Panel.
To change the configuration of the SIMATIC Extensions locally, enable the option "Enable
SIMATIC Extensions" and select "Open SIMATIC Extensions".
Alternatively, you can open "SIMATIC Extensions" via web access, see "Web access to the HMI
device (Page 74)".
The SIMATIC Extensions website with the "Sign in" window is displayed. Log in as a user with
the "HMI Administrator" role.
You can find detailed information on the use of SIMATIC Extensions using the "UserManual"
link at the top left in the header of the SIMATIC Extensions website.
Control Panel V18

Apps
9.2 Add-ons
9.2 Add-ons
Under "Add-ons" you will find pre-installed apps such as "Doc Viewer", "E-Mail Client",
"File Browser", "Media Player", "PDF Viewer", "Printer Configuration" and "Web Browser". The
following figure shows the symbol of the "Doc Viewer" as an example.
All pre-installed apps under "Add-ons" have a "Start" button, the "Autostart" function is also
available for most apps.
<App name>
• "Start app automatically at panel start": Option to activate or deactivate the "Autostart"
function for the respective app, not available for all apps. If this option is selected, the app
starts immediately after the start of the Control Panel. The app is displayed in the
foreground of the Control Panel.
• "Start": Button for manually starting the respective app.
The following table shows a short description of the pre-installed apps.
App Description "Autostart"

available
Doc Viewer With the "Doc Viewer" you can view and edit documents such as text or Yes
Word files.
Note: Do not use the "Doc Viewer" to edit files that have been saved via
the Runtime software or a system function. These files include, for
example, parameter sets that were exported to a .tsv file.
When printing to a file, leave the default setting "Portable Document
Format" (.pdf) for the file type unchanged.
E-Mail Client With the "E-Mail Client" you can connect to your e-mail accounts, Yes
receive e-mails, send e-mails and import mail files from other
applications.
The first time the "E-Mail Client" is called, a configuration wizard is
started. During configuration, enable SSL encryption for sending and
receiving e-mail.
File Browser With the "File Browser", you can find and manage files in the internal Yes
memory and on storage media of the HMI device.
Note: The function "Eject storage medium" is not supported in the
"File Browser". Use the "EjectStorageMedium" system function instead.
Media Player You can use the "Media Player" to play audio and video files. Yes
PDF Viewer You can use the "PDF Viewer" to view PDF documents. Yes
Printer You open the local web page "CUPS" for the printer management via No
Configuration the "Printer Configuration".
Web Browser The "Web Browser" provides you with access to the Internet. Yes
Control Panel V18

Apps
9.2 Add-ons
Managing printers
The printer settings of the HMI device are managed via the local web page "CUPS" (Common
Unix Printing System) under "localhost:631".
To open the printer administration, proceed as follows:
1. Open the printer management via "Apps" > "Printer Configuration" > "Start".
2. In the header, select "Printers".
The "Printers" page shows the pre-installed printers.

To change the properties of a printer or to display its print jobs, click on the printer name
in the "Queue Name" column.
The figure below shows the properties of the "HLL8250CDN" printer.
The following functions are available in the following two selection lists:
– "Maintenance": Printing a test page, pausing the printer, canceling print jobs, canceling
all print jobs
– "Administration":
- "Set Default Options": Specifying settings for the printout
- "Set As Server Default": Defining the printer as the default printer
The "Jobs" list displays the print jobs.
Control Panel V18

Apps
9.2 Add-ons
Starting pre-installed apps from the project

However, you can also start the pre-installed apps via an operating element in the project. To
do this, use the "StartProgram" system function in your configuration.
Enter the following command under "Program name": "/opt/siemens/App_Restriction/<Name
of start script>"
Depending on the desired app, use of the following scripts for the "<Name of start script>":
App to be started Associated start script

Doc Viewer runLibreoffice.sh
E-Mail Client runEvolution.sh
File Browser runThunar.sh
Media Player runVLC.sh
PDF Viewer runEvince.sh
Web Browser runFirefox.sh
Under "Program parameters", you can specify all parameters permitted for calling the app, for
example, which file is to be opened. You can find the permitted parameters on the Internet
by searching for the name of the app specified under "Help" > "About ...".
Examples
1. Open the "MyPDFfile.pdf" from a USB stick connected to interface X61:
– "Program name": "/opt/siemens/App_Restriction/runEvince.sh"
– "Parameter": "/media/simatic/X61/MyPDFfile.pdf"
2. Print ".odt" files to PDF files from Runtime using the "Doc Viewer" app
To print all ".odt" files in the /home/industrial folder to PDF files using the "Doc Viewer",
use the "StartProgram" system function with the following values:
– "Program name": /opt/siemens/App_Restriction/runLibreoffice.sh
– "Program parameters": --convert-to pdf --outdir /home/industrial
/home/industrial/*.odt -headless
See also
App Management (Page 72)
Control Panel V18

Apps
9.3 App Management
9.3 App Management

You can uninstall pre-installed apps or change their settings under "App Management".
Manage Apps
• The list shows all apps installed under "Add-ons".

• "Uninstall": Button to uninstall the selected app. Recommendation: Uninstall apps that you
do not need.
Note
Uninstallation cannot be undone
An uninstalled app cannot be installed again. To get back all apps pre-installed in the
delivery state, you must restore the factory settings of the HMI device.
• "Configure": Button to change the settings of the selected app, see section "Add-ons
(Page 69)".
Control Panel V18

Appendix A
A.1 Industrial Security
Industrial Security
Siemens provides products and solutions with industrial security functions that support the
secure operation of plants, systems, machines and networks.
In order to protect plants, systems, machines and networks against cyber threats, it is
necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial
security concept. Siemens’ products and solutions constitute one element of such a concept.
Customers are responsible for preventing unauthorized access to their plants, systems,
machines and networks. Such systems, machines and components should only be connected
to an enterprise network or the internet if and to the extent such a connection is necessary
and only when appropriate security measures (e.g. firewalls and/or network segmentation)
are in place.
For additional information on industrial security measures that may be implemented, please
visit (https://www.siemens.com/industrialsecurity).
Siemens’ products and solutions undergo continuous development to make them more
secure. Siemens strongly recommends that product updates are applied as soon as they are
available and that the latest product versions are used. Use of product versions that are no
longer supported, and failure to apply latest updates may increase customer’s exposure to
cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial Security RSS
Feed under (https://www.siemens.com/industrialsecurity).
Disclaimer for third-party software updates

This product includes third-party software. Siemens AG only provides a warranty for
updates/patches of the third-party software, if these have been distributed as part of a
Siemens software update service contract or officially released by Siemens AG. Otherwise,
updates/patches are undertaken at your own risk. You can find more information about our
Software Update Service offer on the Internet at Software Update Service
(https://support.industry.siemens.com/cs/ww/en/view/109759444).
Notes on protecting administrator accounts

A user with administrator privileges has extensive access and manipulation options in the
system.
Therefore, ensure there are adequate safeguards for protecting the administrator accounts to
prevent unauthorized changes. To do this, use secure passwords and a standard user account
for normal operation. Other measures, such as the use of security policies, should be applied
as needed.
Control Panel V18

Appendix
A.2 Notes on operation
A.2 Notes on operation
Storage media
Note
Storage media displayed multiple times
The operating system of the HMI device supports multiple mount points. This means that USB
and SD storage media may be displayed multiple times in file browser dialogs. This does not
affect the functionality of the HMI device and the apps.
Note
Directory for storage media in Runtime and in apps
In file browser dialogs of the Runtime software and in apps that use the same file browser
dialogs, you can find the storage media under "/media".
SIMATIC Edge
Note
Activating SIMATIC Edge
The option "Apps" > "SIMATIC Apps" > "SIMATIC Edge" > "Enable SIMATIC Edge" can only be
activated upon the first start of the HMI device when the start process has been completed.
After starting the HMI device for the first time, wait for approx. 1-2 minutes. Then you can
activate the option "Enable SIMATIC Edge".
A.3 Web access to the HMI device

As an alternative to direct operation on the device, you can access the following applications
of the HMI device via a browser:
• The runtime project
• The user management
• The local "SIMATIC Edge" edge management
• "SIMATIC Extensions"
Control Panel V18

Appendix
Requirement
• The device on which the browser is running is connected to the HMI device in the same
subnet.
• The browser used supports HTML5 and accepts self-signed certificates.
• The following applies depending on the application you want to access:
– "WinCC Unified RT": Web access to the runtime project is activated, see section "Web
client (Page 19)". The runtime software has been started.
– "User Management": The settings for the user management were loaded to the HMI
device, see sections "User management (Page 33)" and "UMAC settings (Page 47)".
– "SIMATIC Edge Management", "SIMATIC Extensions": The associated service is activated
in the Control Panel of the HMI device, see section "SIMATIC Apps (Page 66)".
Opening applications via the homepage

The HMI device has a convenient homepage for applications with web access.
To open the homepage, enter the following URL in the browser: "https://<ip>"
Use the IP address of the HMI device instead of the placeholder "<ip>". When you use a
browser that runs directly on the HMI device, you can also use "localhost" instead of the IP
address.
• "WinCC Unified RT": Button for opening the "Sign in" dialog for runtime.
• "User Management": Button for opening the "Sign in" dialog for the user management.
You can find detailed information on web-based user management via a browser in the
TIA information system under "Visualizing processes (RT Unified) > Configuring users and
roles (RT Unified) > Using the user management on the Unified Comfort Panel > Managing
local users > Managing local users in runtime".
• "SIMATIC Edge Management": Button for opening the "Sign in" dialog for the "SIMATIC
Edge" application.
Control Panel V18

Appendix
• "SIMATIC Extensions": Button for opening the "Sign in" dialog for the "SIMATIC Extensions"
application.
• "Certificate Authority": Button for downloading the HMI device certificate for a secure
connection.
Opening applications without the homepage

Use the following URLs to open the "Sign in" dialog in the respective application without the
homepage.
• "WinCC Unified RT": "https://<ip>/device/WebRH", note the uppercase/lowercase spelling.
• "User Management": "https://<ip>/umc"
• "SIMATIC Edge Management": "https://<ip>/device/edge"
• "SIMATIC Extensions": "https://<ip>/device/simatic-extensions"
Use the IP address of the HMI device instead of the placeholder "<ip>". When you use a
browser that runs directly on the HMI device, you can also use "localhost" instead of the IP
address.
Installing a certificate
The following applies when you open an application with web access for the first time via a
browser: To set up a secure connection between browser and application, you must
download the certificate of the application and install it in your browser as "trusted".
NOTICE
Use CA certificates generated via the WinCC Unfiied Certificate Manager
If you use a self-signed certificate from a non-trustworthy source, the data transfer is not
protected from attacks.
For web access to the HMI device, use CA-certificates that were generated via the WinCC
Unified Certificate Manager. To do so, proceed as follows:
1. Generate a CA certificate with the WinCC Unified Certificate Manager .
2. Copy the CA certificate to a USB flash drive.
3. Import the CA certificate in the Control Panel via "Security">"Certificates" as "Trusted
Certificate Authority".
4. Install the certificate in your browser as described in the following sections.
Control Panel V18

Appendix
Download certificate
You have the following options to download the certificate:
• Using the "Certificate Authority" button on the homepage.
• Using the "Certificate" link in the "Sign in" dialog of the applications "SIMATIC Edge" and
"SIMATIC Extensions".
• By clicking on the icon or the "Not secure" message in the address bar of the browser.
Installing the certificate as "trusted" in the "Web Browser"
Follow the instructions in the browser documentation to import the application certificate
and classify it as "trusted".
A secure connection to the website is set up immediately with the trusted certificate.
Note
Certificate is valid for all applications with web access
For a secure connection to the applications with web access, the HMI device certificate must
only be downloaded once and classified as "trusted".
Sign in using the "Sign in" dialog

You use the "Sign in" dialog to sign in to an application with web access.
"Sign in dialog" for runtime-related applications
The following figure shows the "Sign in" dialog for the following applications.
• "WinCC Unified RT"
• "User Management"
Control Panel V18

Appendix
Procedure:
1. Select the required runtime language.
2. Enter the user name and password.
3. Click "Sign in".
If the selected language is not available in the runtime project, the default language is used.
"Sign in dialog" for "SIMATIC Apps"
The following figure shows the "Sign in" dialog for the following applications.
• "SIMATIC Edge Management"
• "SIMATIC Extensions"
Procedure:
1. If not done yet, download the certificate of the application using the "Certificate" button and
install the certificate in your browser, see the "Installing a certificate" subsection in this
section.
2. Enter the user name and password.
3. Click "Sign in".
Control Panel V18

Appendix
Notes on web access

After signing in, read the following notes on web access in the various applications:
"WinCC Unified RT"
After successful login, a user session is active. Note the following for user sessions:
• A maximum of three user sessions are permitted on one HMI device.
• User management is used in a user session when signing in. Changes to the user
management of the HMI device have no effect on the session in progress.
• You have the following options to completely close a user session:
– Configure an operating element with the system function "Log off".
– Close all instances, that is, all open browser windows.
For more information on remote access via "Web client", refer to the TIA information system
under: "Visualizing processes (RT Unified) > Configuring remote access > Web client".
"User Management"
• The user list is only visible and editable for users who have been assigned the "User
Management" function right.
• You can find detailed information on web-based access to the user management in the
TIA information system under "Visualizing processes (RT Unified) > Configuring users and
roles (RT Unified) > Using the user management on the Unified Comfort Panel > Managing
local users > Managing local users in runtime".
"SIMATIC Edge Managment"
• Access to the application requires a user with the "HMI Administrator" role.
• You can find detailed information on the local Edge Management on the Edge
Management website in the programming and operating manual "Siemens Industrial Edge
(https://support.industry.siemens.com/cs/ww/en/view/109773259)".
"SIMATIC Extensions"
• Access to the application requires a user with the "HMI Administrator" role.
• You can find detailed information on the use of SIMATIC Extensions using the
"UserManual" link at the top left in the header of the SIMATIC Extensions website.
Control Panel V18

Appendix
A.4 Resetting an HMI device to factory settings via ProSave
A.4 Resetting an HMI device to factory settings via ProSave

If the operating system on the HMI device is no longer functional, you must reset the HMI
device to factory settings.
NOTICE
Do not switch off the HMI device during data transfer
If you turn off HMI device while the HMI device is being reset to factory settings, the HMI
device will not start. You must repeat the procedure.
Do not turn off the HMI device during data transfer.
Procedure
To reset the HMI device to factory settings, follow these steps:
1. If a project is running on the HMI device, close the project.
2. Connect the HMI device to the configuration PC via the X2 interface.
3. In the Control Panel of the HMI device, select "Network and Internet".
Ensure that the port selected for data transmission is activated for the interface used
("Activate this port for use").
4. In the Control Panel of the HMI device, select "System Properties" > "Reboot".
5. Press the "Reboot in maintenance mode" button. The HMI device starts. The "Maintenance
Mode" dialog box is displayed for a period of 10 minutes. In this period you can connect the
HMI device to a configuration PC and reset the HMI device to factory settings with the
ProSave software. If the "Maintenance Mode" dialog is not displayed, start the HMI device
while pressing the "Maintenance" button, see section "Using the maintenance mode
(Page 81)".
6. Open the "ProSave" software on the configuration PC in the WinCC installation directory.
7. Enter the following data in the "General" tab:
– "Device type": Select the type of your HMI device.
– "Connection": Select "Ethernet".
– "Connection parameters": Specify an IP address or computer name for the HMI device.
The IP address must be located in the subnet of the configuration PC.
8. Enter the following data in the "OS Update" tab:
– Under "Opening ...", select the path and file name of the firmware master file (.fwf)
containing the desired operating system.
– Select the option "Reset to factory settings".
– Under "MAC", enter the MAC address which is shown at the top right of the HMI device
display.
– Use the "Device status" button to display information about the device and the selected
firmware.
Control Panel V18

Appendix
A.5 Using the maintenance mode
9. Click "Update OS". A dialog box with the warning that all data on the HMI device will be
overwritten is displayed.
10.Confirm the dialog box.
The update of the operating system with "Reset to factory settings" is started. The progress of
the update is displayed both in ProSave and on the HMI device. The update operation can
take time, depending on the connection selected. The HMI device restarts at the end of the
process.
Result
The operating system of the HMI device has been updated to the version of the selected
firmware and the HMI device is reset to factory settings.

Maintenance mode is used to reset the HMI to the factory settings.
When the operating system starts and the Control Panel is displayed after the HMI device is
switched on, you can start the HMI device in maintenance mode by clicking the "Reboot in
maintenance mode" button. Follow the description in section "Resetting an HMI device to
factory settings via ProSave (Page 80)".
If the HMI starts with the boot splash screen and detects the corrupt operating system, the
HMI automatically switches to maintenance mode. The "Maintenance Mode" dialog box is
displayed. In this case, follow the procedure from step 6 in section "Resetting an HMI device
to factory settings via ProSave (Page 80)".
If the HMI device starts with the boot splash screen and does not detect the corrupt operating
system, the HMI device does not switch to maintenance mode. The "Maintenance Mode"
dialog is not displayed. You must reset the HMI device to the factory settings. In this case,
start the HMI device while pressing the "Maintenance" button as described in this section.
Control Panel V18

Appendix
NOTICE
The operating system must be updated in maintenance mode
If you start the HMI device while pressing the "Maintenance" button, the HMI device is in
maintenance mode. In maintenance mode, the "Maintenance Mode" dialog is displayed. The
operating system must be updated.
Only start the HMI device while pressing the "Maintenance" button if you are sure that you
want to update the operating system.
Procedure
Proceed as follows:
1. Turn off the power supply of the HMI device.
2. Press the "Maintenance" button. Use a blunt, sufficiently sturdy tool made of non-conductive
material, diameter approx. 5 mm.
You will find the "Maintenance" button in the opening between the two interfaces X1 and
X2.
Be sure to hit the button accurately and do not slide the tool off the button.
3. Switch on the power supply of the HMI device and keep the "Maintenance" button pressed
until the boot splash screen appears.
The HMI device restarts, the "Maintenance Mode" dialog box is displayed. Connect the HMI
device to a configuration PC and reset the HMI device to the factory settings using the
ProSave software. Follow the procedure from step 6 in the section "Resetting an HMI device
to factory settings via ProSave (Page 80)".
Control Panel V18

Control Panel V18

Ucp CP v18 Manual en-US

Uploaded by

Copyright:

Available Formats

Ucp CP v18 Manual en-US

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ucp CP v18 Manual en-US

Uploaded by

Copyright:

Available Formats

Control Panel V18

Networks and Internet 4

External Devices and Input 6

Service and Commissioning 8

Siemens AG Copyright © Siemens AG 2022.

1 Overview of functions ........................................................................................................................... 5

Control Panel V18

8 Service and Commissioning ................................................................................................................ 52

Control Panel V18

Icon Name Assigned functions

Start Runtime Start project on the HMI device

Language, Region and Formats Date and time (Page 50)

Service and Commissioning Transfer (Page 52)

Control Panel V18

Control Panel V18

• "Device type": HMI device type designation

Control Panel V18

Set the desired display brightness using the slider.

Control Panel V18

• "Enable screensaver": Select this option to activate the screensaver.

Control Panel V18

Control Panel V18

• "Device type": HMI device type designation.

Select storage media for OS update

Control Panel V18

Firmware files on external storage

Control Panel V18

Reboot in maintenance mode

Flash Memory Monitoring Section

Control Panel V18

Control Panel V18

2.8 Event Logger

Control Panel V18

Starting and stopping the recording

Switching to another storage medium

Control Panel V18

3.2 Automatic runtime start

Automatic runtime start

Control Panel V18

3.3 Alarm buffer

Alarm buffer configuration

Control Panel V18

3.4 Web client

Web client configuration

Web access to the runtime project

Control Panel V18

3.5 Load project from storage

Select storage media for project transfer

Select the storage medium on which the backed-up project is stored.

Projects on external storage

Control Panel V18

Displaying details and checking compatibility

• "Name": Name of the project.

Control Panel V18

Control Panel V18

The following buttons take you to the corresponding settings.

• "PN-X1": Settings for X1 interface (Page 24)

Control Panel V18

• "Specify an IP address": Option to manually assign the IP address.