G05B2219/24024

Method for preventing impermissible access to software applications in field devices

The invention includes a method and a communication network for preventing impermissible access to software applications implemented in field devices, wherein the field devices are integrated in a communication network of automation technology and wherein each software application exchanges information within the communication network via at least one communication interface. The method includes registering currently activated safety functions of each of the communication interfaces; registering all activatable safety functions of each communication interface; ascertaining at least one shared safety function, which is activatable in each of the communication interfaces; displaying the shared safety functions and selecting at least one displayed, shared safety function; and reconfiguring each of the communication interfaces, wherein currently set safety functions are replaced by the at least one selected, shared safety function, and when no shared safety function was ascertained, each of the communication interfaces is so reconfigured that no safety function is activated.

MOTOR CONTROLLED RETRACTABLE EMC PROTECTION
20230128028 · 2023-04-27

A system and method for controlling an EMC protection apparatus in a removable component. The removable component is inserted into an end product. As a result of the insertion, power is applied to the EMC protection apparatus. A determination is made as to whether a power good signal is detected within the removable component. In response to a power good signal, an EMC protection device is rotated from a retracted state to an engaged state such that the EMC protection device is placed over an enclosure opening in the removable component, forming an EMC seal. Full functionality of the removable component can be delayed until such time as the rotation is completed.

DIGITAL SAFETY LOCKS IN INDUSTRIAL PROCESS PLANTS
20230073577 · 2023-03-09

A digital safety lock of a field device or other process plant equipment activates in response to receiving a request from a locking party, thereby placing the device into a locked mode. While the device is in the locked mode, only the locking party may perform maintenance activities on, or otherwise functionally control, the device. While locked, the device may provide an indication of the locking party to any other device or application attempting to access or control the locked device. Other devices, applications, and users may communicate with the locking party or locking party device to request that the device be unlocked and/or to request the corresponding digital safety lock key. Upon the device receiving the correct digital safety lock key, the digital safety lock may be deactivated, and the device may enter into an unlocked state if no other digital safety locks remain activated for the device.

Static safety analysis for control-flow linearization

A static safety analysis for control-flow linearization receives a control flow graph (CFG) and an intermediate representation of a computer program, and identifies, for a given loop, all memory load instructions belonging to one side of a diamond-shape structure in the CFG. For each representation of an address of each memory load instruction identified, the analysis determines whether it is used on all other sides of the diamond-shape structure. Responsive to determining that each representation of an address of each memory load instruction on the one side of the diamond-shape structure is used on all other sides of the diamond-shape structure, the analysis determines whether an immediate predecessor of a top of the diamond-shape structure for the given loop post-dominates a header of the given loop. Responsive to determining that the immediate predecessor of the top of the diamond-shape structure for the given loop post-dominates the header of the given loop, the analysis affirms the safety of linearization.

CONTROL DEVICE, CONTROL SYSTEM, AND MANAGEMENT METHOD
20220326677 · 2022-10-13

A control device can modify a first user program and first setting information in the storage unit executed by a control engine respectively using a second user program and second setting information received by the control device. A security engine of the control device verifies identity between the first user program and the second user program, evaluates the validity of setting indicated by the second setting information, and permits or prohibits performance of the above modification based on such a verification result and the evaluation.

DETERMINING FUNCTIONAL SAFETY STATE USING SOFTWARE-BASED TERNARY STATE TRANSLATION OF ANALOG INPUT
20230114984 · 2023-04-13

A safety module having a plurality of microcontrollers receives an analog input and determines a value of the analog input. The microcontrollers each determine a respective ternary state of the device by identifying, from three candidate ranges of values, a range of values in which the value falls, wherein at least two of the plurality of microcontrollers use different candidate ranges of values, determining, based on the identified range, a ternary state corresponding to the range, and assigning the determined ternary state as the respective ternary state. The safety module determines whether the ternary states from the two microcontrollers map to a fault state and, where they do, causes a command to be output to the device to enter a safe state.

RAIL-MOUNTED DEVICE, AUTOMATION SYSTEM AND METHOD FOR PROCESS AUTOMATION

A rail-mounted device for automation systems having at least one local bus interface for connecting the rail-mounted device to a local bus of an automation system, and a power supply unit that has at least one input and at least one output through which the power supply unit is connectable to at least one electronic control unit of the automation system. The power supply unit of the rail-mounted device is equipped to detect a voltage drop or a loss of voltage at the input of the power supply unit and to provide a supply voltage at a minimum of one output of the power supply unit over a limited period by means of the electrical energy stored in the energy storage device. The rail-mounted device has at least one signal output for indicating a voltage drop or voltage loss detected at the input of the power supply unit.

Circuit arrangement for switching an electrical load and method for checking a status of a safety output of a circuit arrangement

A circuit arrangement for switching an electrical load comprising an electrical switching element with a control input and an output; a control unit connected to the control input to drive the electrical switching element, in a first switching state, to generate a first output signal forming a switch-on signal for the load and, in a second switching state, to generate a second output signal, smaller than the first output signal, forming a switch-off signal for the electrical load; a safety output connected electrically to the electrical switching element output and to which the electrical load is connected; a decoupling apparatus arranged between the electrical switching element output and the safety output; a first output signal detecting apparatus connected to the electrical switching element output; and a second output signal detecting apparatus arranged in a circuit path between the decoupling apparatus and the safety output.

Residential Sensor Device Platform
20170350615 · 2017-12-07

Implementations generally relate to systems, apparatuses, and methods for a residential sensor device platform. In some implementations, a system includes a plurality of sensor devices. Each of the plurality of sensor devices includes a first transceiver operative to support uplink communication with a wireless router, a second transceiver operative to support mesh link communication with other sensor devices of the plurality of sensor devices, an electrical control, a sensor operative to sense a condition of a living space, and a processor. The processor is operative to communicate with the wireless router, communicate with the other sensor devices of the plurality of sensor devices, and receive the sensed condition of the living space. Processors of the plurality of sensor devices are operative to select a master sensor device, wherein the master sensor device maintains communication with the wireless router, and wherein the other sensor devices of the plurality of sensor devices form a wireless mesh network.

Functional safety system using three dimensional sensing and dynamic digital twin

A functional safety system performs safety analysis on three-dimensional point cloud data measured by a time-of-flight (TOF) sensor that monitors a hazardous industrial area that includes an automation system. To reduce the amount of point cloud data to be analyzed for hazardous conditions, the safety system executes a real-time emulation of the automation system using a digital twin and live controller data read from an industrial controller that monitors and controls the automation system. The safety system generates simulated, or shadow, point cloud data based on the emulation and subtracts this simulated point cloud data from the measured point cloud data received from the TOF sensor. This removes portions of the point cloud data corresponding to known or expected elements within the monitored area. Any remaining entities detected in the reduced point cloud data can be further analyzed for safety concerns.