Devices and programs designed to interact with control system parameters should validate the format and content of all user inputs and actions to ensure the values are within intended operational ranges. These values should be evaluated and further enforced through the program logic running on the field controller. If a problematic or invalid input is identified, the programs should either utilize a predetermined safe value or enter a known safe state, while also logging or alerting on the event.
Devices and programs should validate the content of any remote parameter changes, including those from HMIs, control servers, or engineering workstations.
|ICS||T0855||Unauthorized Command Message||
Devices and programs that receive command messages from remote systems (e.g., control servers) should verify those commands before taking any actions on them.