Release Notes - Softwareupdate CMC III V 10.0.2

!!! Important information !!!

!- Please make sure that the FTP Client uses binary data transmission.!

!- Please make sure that the FTP Client does not use data segmentation.!

!- The default-passwords of the users should be changed immediately to increase 
security.! 

!- In case the update shall be done with a USB-stick, the stick must not be insert
while startup of the CMC III PU. For starting the update by the CMC III PU, the
USB-stick has to be plugged in while the system is already running.!

!- On Devices, which were delivered with software version V 3.11.00_1, the internal
sensors are set back to default once after the update. They have to be reconfigured
after the update has finished. Only LCP units are affected and only the internal
sensors of these are set back. Other sensor configurations and the general
configuration are not affected.!

!- If a LCP with softwareversion 3.11.00_5 and older is updated with a newer software
version, the LCP as device has to be acknowledged again after the Update. This could
be done by pressing the "C"-Button in the front of the CMC III PU for 3 seconds or by
clicking in the message list on the website with the right mouse button and choosing
the action "Acknowledge".!

!- If the serial number of the CMC III PU in the LCP ends with the number "9", the
device "LCP" in the software gets a new serial number and is recognized as a new
sensor after the update. It gets a new index and the OIDs as well as the Modbus
adresses for the LCP change. To go back to the old OIDs and the old Index for the
LCP, the function "Reorganize" has to be used and the device "LCP" has to be
acknowledged again.!

!- The index of the both digital inputs at the backside of the CMC III Processing Unit
is swapped after an update from 3.09.00 (or lower) to a higher Software version and
matchs now with the labeling on the housing. If one or both of these digital inputs
is/are used as input of a Virtual Device or a Task, these Virtual Devices and/or Tasks
have to be adapted after the update.!

!- Because of new Variables and Configurations, the MIB of the CMC III has changed
and you must maybe adapt it again to a higher management system.
In general, the OIDs of the CMC III should be used with the ASCII-representation
instead of the numeral representation in a higher management system. If new variables
are added later, the numeral representation maybe does not fit any longer, but with
the ASCII-representation, still the right OIDs are addressed.!

!- After an update to V3.17.10 some Modbus addresses can be changed due to new added
variables. The addresses mapping should be checked in advance and after the update
and in case of a changed mapping, the configuration in the higher level management
system needs to be adapted.!

!- If a normal CMC III PU from stock shall be used for a LCP or a RiMatrix S, a Patch-
file must be copied to this PU to declare it as LCP / RiMatrix S. If these file is
needed, please contact the service department from Rittal.!

!- The performance of the mobile website depends on the performance of the mobile
device which is used. The number of configured parameters and windows in the dashboard,
which is used for the mobile website, should be kept small. After configuring the
dashboard for the mobile website, it should be tested with the mobile device.!

- The power supply of the CMC III Processing Unit should not be removed while the
startup-process before the acoustic signal has sound or the website can be reached
again. Otherwise errors can occure.
- If a Virtual Device is defined, it can be changed automatically while the update
to V 3.17.10 and show a "Changed" status after the update has finished. 
You only have to renew the "Output" Variable of the Virtual Device. If you change 
the temperature unit and a temperature value is declared as input of a 
Virtual Device, you also must choose this value as input of the Virtual Device again.
- After the update of the CMC III PU all other sensors are updatet automatically.
The update-process is shown on the webpage and with a white blinking at the LED in
the front of the CMC III Processing Unit.
- Please note the mentioned safety notes in the update manual.

- Due to changes in the rights management in Update V3.17.30_7, it is necessary to reconfigure the Access administration, including the database.

!!! THE INSTALLATION PROCESS FOR SW VERSION 10.0.2 MAY CAUSE PROBLEMS FOR DEVICES WITH HW VERSION LOWER THAN 6.0.0. INSTALL AT YOUR OWN RISK. !!!

New features in V 10.0.2:
- Support for new generation sensors (7010.xxx)

Changes in V 10.0.2:
- Bugfix: Chart scaling adjusted.
- Bugfix: The web interface no longer crashes on processing units with older hardware revisions when a PSM is connected.
- Bugfix: Sensor update status is displayed correctly again.
- The CVE-2025-26465 vulnerability has been closed.
- The CVE-2024-39894 vulnerability has been closed.
- The CVE-2024-6387 vulnerability has been closed.
- Security update: Patches for OpenSSH and other software features.

Known issues in V 10.0.2:
- Rights for parent tree elements in Access Management are not automatically transferred to child elements. However, these can be set manually.
- Radius: Login via SFTP not possible.
- Modbus TCP: Configuration of negative integer values ​​such as temperature thresholds does not work.

New features in V 3.23.0:
- All login attempts are now recorded.
- SSL certificate can now be exported as a certificate chain.
- Modbus/TCP: The allowed host list now allows host names, not just IP addresses.
- OPC port 65535 is now enabled.
- RiZone: Emergency and one-time codes now have a higher priority than 4-eyes and 2-factor authentication.
- LDAP login in FTP, SFTP and console is now possible.
- Radius login in FTP and console is now possible.
- Support for a second RADIUS server.

Changes in V 3.23.0:
- Security update: Installation of a firewall for network communication.
- Security update: Tightening of password policies.
- Security update: The admin password must be changed by the user before the first login. The same applies to new users.
- Security update: OPC-UA now has user authentication.
- Security update: SNMP now supports SHA1 and AES.
- Security update: Bruteforce login protection has been improved.
- Security update: USB/SD storage interface can be disabled via WebUI.

Known issues in V 3.23.0:
- Rights for parent tree elements in Access Management are not automatically transferred to child elements. However, these can be set manually.
- Radius: Login via SFTP not possible.
- Modbus TCP: Configuration of negative integer values ​​such as temperature thresholds does not work.

Changes in V 3.17.30_7:
- Optimization: Performance and stability improvements.
- Bugfix: Activating NTP now works as intended.
- Bugfix: Editing tasks and charts now works as intended.

Changes in V 3.17.30_6:
- The Vulnerability CVE-2022-11956 is fixed.
- The Vulnerability CVE-2018-19052 is fixed.
- The Vulnerability CVE-2023-48795 is fixed.
- Bugfix: The SMTP Mail Header os now accepted by every provider.
- Optimization: Performance and stability improvements.

Already known problems in V 3.17.30_6:
- If one PSM component is connected to a CAN-Bus Unit and a second PSM component is
added, it can occure that one or both PSM components are lost in the system. In this
case, the whole CAN-Bus Unit has to be restarted by disconnecting it from the bus
system. After the restart, all PSM components are back again.
- In case 2 CAN-Bus DRC with RFID-Controllers are connected with a PU, it can happen
that a new Tag is not shown in the graphical view of the second controller. It is only
shown in the list-visualisation and also in the message-list in the lower area of the
website.
- Some Configurations are not shown right with the Internet Explorer. This problem
depends also on the Browser-Version. If the Website is not shown correctly by the
Internet Explorer, the browser has to be updated or alternatively another browser
has to be used.
- The mobile website could have some small display errors with special mobile
operating systems and brwoser combinations.
- If a user changes a dashboard while another user is logged in to another dashboard,
the second user is logged out if the first saves the dashboard.
- When rebooting the system via the console menu, it may happen that the system will
not be restarted. In this state the central unit must be disconnected from the power
supply and reconnected again.
- Not all software packages of the operating system have been updated. When running
a security scan, parts of the system can still be displayed.

Changes in V 3.17.30_5:
- Bugfix: Four-eyes principle can no longer be used without "AccessAck".
- Bugfix: The AccessConfiguration behaves again as intended when restoring.
- Bugfix: If the Access Configuration is imported via RiZone, the configured 
two-factor authentication is no longer overwritten.
- Bugfix: The session is logged out if the protocol (HTTP/s) is deactivated, 
with which the session was established.
- Optimization: The setting for two-factor authentication has beem added 
to access.cmc3. The timeout is 5...60 seconds.
- Optimization: New DHCP behavior: The DHCP is continuously re-requested, 
even if the server is not yet reachable after booting. If the server 
is not reachable, the device is reachable under the default IP address. If switching
between two networks during operation, a pause of 20 seconds is required. 
- Optimization: Performance and stability improvements.


Already known problems in V 3.17.30_5:
- If one PSM component is connected to a CAN-Bus Unit and a second PSM component is
added, it can occure that one or both PSM components are lost in the system. In this
case, the whole CAN-Bus Unit has to be restarted by disconnecting it from the bus
system. After the restart, all PSM components are back again.
- In case 2 CAN-Bus DRC with RFID-Controllers are connected with a PU, it can happen
that a new Tag is not shown in the graphical view of the second controller. It is only
shown in the list-visualisation and also in the message-list in the lower area of the
website.
- Some Configurations are not shown right with the Internet Explorer. This problem
depends also on the Browser-Version. If the Website is not shown correctly by the
Internet Explorer, the browser has to be updated or alternatively another browser
has to be used.
- The mobile website could have some small display errors with special mobile
operating systems and brwoser combinations.
- If a user changes a dashboard while another user is logged in to another dashboard,
the second user is logged out if the first saves the dashboard.
- When rebooting the system via the console menu, it may happen that the system will
not be restarted. In this state the central unit must be disconnected from the power
supply and reconnected again.
- Not all software packages of the operating system have been updated. When running
a security scan, parts of the system can still be displayed.

Changes in V 3.17.30_2:
- Bugfix: Access Management with RiZone works again as intended
- Bugfix: Patched login via RADIUS-Server
- Optimization of detection and management of several sensors 


Already known problems in V 3.17.30_2:
- If one PSM component is connected to a CAN-Bus Unit and a second PSM component is
added, it can occure that one or both PSM components are lost in the system. In this
case, the whole CAN-Bus Unit has to be restarted by disconnecting it from the bus
system. After the restart, all PSM components are back again.
- In case 2 CAN-Bus DRC with RFID-Controllers are connected with a PU, it can happen
that a new Tag is not shown in the graphical view of the second controller. It is only
shown in the list-visualisation and also in the message-list in the lower area of the
website.
- Some Configurations are not shown right with the Internet Explorer. This problem
depends also on the Browser-Version. If the Website is not shown correctly by the
Internet Explorer, the browser has to be updated or alternatively another browser
has to be used.
- The mobile website could have some small display errors with special mobile
operating systems and brwoser combinations.
- If a user changes a dashboard while another user is logged in to another dashboard,
the second user is logged out if the first saves the dashboard.
- When rebooting the system via the console menu, it may happen that the system will
not be restarted. In this state the central unit must be disconnected from the power
supply and reconnected again.
- Not all software packages of the operating system have been updated. When running
a security scan, parts of the system can still be displayed.


New functions in V 3.17.30_1:
- Support for email encryption with TLS 1.0 - 1.2

Changes in V 3.17.30_1:
- Bugfix: Unlocking the DCM via keypad / card reader works again as intended
- Bugfix: Fixed bug in handle assignment
- Bugfix: Configuration of the variable list in the dashboard works again
- Bugfix: Acoustic feedback from the keypad / card reader is played again


New functions in V 3.17.30:
- Support for CMC Wireless handles and Wireless sensors 
- Support for Enocean sensors Eltako FFT65B, Afriso AHD10 / 20, 
Eltako FFT60SB (only together with CMC Wireless handles)
- Access management: Moved to separate tab. 
Two-factor authentication introduced

Changes in V 3.17.30:
- Bugfix: Login with user and password works again for SMTP
- Bugfix: Performance optimization for OPC UA to avoid disconnections
- Bugfix: IPv6 DNS server address is now displayed
- Bugfix: Log messages with too long texts are now displayed correctly
- Optimization of various elements in the web interface
- Optimization of access management: Moved to separate tab. Changes are
automatically saved in the SQL database and are no longer adopted in Access.txt
- Optimization of the setting of ports in the web interface: 
Ports are checked for double assignment
- Optimization of the number of repeated NTP loggings
- Optimization Watchdog: Can deactivate services if they do not work 
after three restarts
- Optimization of renewal of SSH keys when using patch
- When flashing in Factory Rescue, now the LED flashes white
- Temperature / humidity sensor 7030.111: Negative dew point values 
for °F are now possible

New functions in V 3.17.10:
- Logging of the SMTP connection via system-internal file in the
/download/smtp.log directory
- Changes to the syslog server are transferred once to the old and new syslog
Configuration sent.
- Changeover from Celsius / Fahrenheit via SNMP possible.
- Syslog now also supports TCP and TCP with TLS
- The number of tasks has been increased from 16 to 32.

Changes in V 3.17.10:
- Bugfix: performance optimizations web interface to reduce possible
Timeouts
- Bugfix: OPC-UA can be deactivated normally via the web menu
- Optimization of system security: Security feature to filter unwanted code-
Infiltrations via a CGI-Injection
- Optimization of system security: Security feature to filter unwanted code-
infiltrations via SSH commands (CLI menu)
- Optimization of system security: Identical SSH keys. Keys are now stored per 
device randomly generated. At the first login after an update the new key 
must confirm will be.
- Optimization of system security for write permissions in the download folder, 
better protection against reading snmp passwords, higher rights for 
Data exchange between processes necessary.
- Optimization SSH and SFTP individually configurable (Enable, Port). 
SSH default port changes from 22 to 2222. SFTP stays at 22. not identical 
ports are allowed can be used. SSH and SFTP now support ecdsa 
and ed25519 keys. The DSA key has been removed.
- Optimization of chart functions for scaling and measurement gaps. 
Button for reset added. Increases the zoom and jumps to the current timestamp.
- Optimizes the display of temperature and humidity for negative values 
and values above 99.
- Optimization of the LDAP dialog, if the service is disabled, empty 
Input fields allowed. 
- Optimization of date input in web and terminal. The date can be entered via 
2038. Date can only be set in the terminal if 
NTP is deactivated. The calendar and date are adjusted according to 
the language selection.
- Optimization of the time display. Different display formats depending on 
waved language. 
- UNI-Sensor 7030.190 Firmware 12.021 - Analog Custom Value is now set to 1600 
steps scaled.

New functions in V 3.17.00:
- Support of new VX IT Online comfort handles with new Access Control
- Support of new LCP-CW and -CWG based on VX-frame, including new product features
- Graphical widget for internal temperature sensor
- Added Brute-Force-Protection for integrated Webserver (E-Mail-Alarm in case of
multiple wrong Login-attempts, configuration through main device variable "Login")
- New Logging-file in the download folder (FTP) for SMTP-connection

Changes in V 3.17.00:
- Renaming of Tab from "Observation" to "Monitoring"
- Update for SSH-console with additional safety protection
- Access rights to internal files changed (FTP)

Changes in V 3.15.70_4:
- Bugfix: False alarm of integrated sensors fixed
- Bugfix: Support of GSM Units from CMC-TC product program

Changes in V 3.15.70_3:
- Bugfix: False alarm of integrated sensors prevented
- Bugfix: Update is started also on systems with HW V6.00 and Software V 3.15.70_X

Changes in V 3.15.70_2:
- Bugfix: Message of wrong PIN in SMS dialogue
- Bugfix: SNMP Name, Location, Contact overwriting
- Bugfix: Reload Device List
- Bugfix: Improvement of first initialization of OPC-UA

Changes in V 3.15.70_1:
- Bugfix: Problems during the update from systems with software < V 3.15.00 and
systems in delivery status

New functions in V 3.15.70:
- Graphical Widgets for temperature sensor (7030.100), temperature-/humidity
sensor (7030.111) and CAN-Bus Access (7030.200) (after the update process, the
website has to be refreshed by using "Ctrl + F5" in the browser)
- Support of LCP next generation (3312.XXX)

Changes in V 3.15.70:
- Update of the internal operating system and of the system services
- Bugfix: Update webinterface for full compatibility with current browser versions
- Bugfix: Complete rights-restore from restore-file for PSM-CAN-Modules with C19 
and Schuko ports

New functions in V 3.15.20_10:
- Certificates with a certification chain are supported
- Time-delayed NTP-request after a reboot (in case NTP-server is not available)
- Radius: Checking all attributes for the group of the CMC

Changes in V 3.15.20_10:
- Rename the certificate file in "https.crt"  (see also CMC III FAQ)
- Non-relevant characters (f.e. blank) are ignored in SMS configuration
- Improved performance of feature "Charts"

New functions in V 3.15.20_9:
- Support of the new RiZone features "One-time Pin" and "Emergency Pin"
- Protocol-Extension: LDAPS

Changes in V 3.15.20_9:
- Automatic reboot after copying the configuration file to the system
- Bugfix: Improved communication between CMC III PU and GSM Unit

New functions in V 3.15.20_6:
- Security-certificate can be substituted through (S)FTP

Changes in V 3.15.20_6:
- SSLv3-connections are not allowed any more (only through TLS, security relevant)

New functions in V 3.15.20:
- E-Mail sending through TLS supported
- Support of the NH measurement module, Art.No. 9343.070, 9343.170, 9343.270,
9343.370
- Support of the new PSM modules with CAN-Bus connection
- Offset for temperatur- and temperatur/humidity sensor (Hardware dependant)
- Wiegand-Interface of the universal sensor supports 56-Bit-Wiegand-Protocol
- Variable list as CSV-file via FTP
- Status of the Software-Images via FTP

Changes in V 3.15.20:
- Setpoints cannot be choosen any more as variable in the charts
- Extension of the MIB: "cmcIIIFiles" with information about actuality of the 
variable list
- The degree symbol is replaced with deg in the cmcIIIVarValueStr in SNMP
- Softwareupdate with the same software version is possible

Changes in V 3.15.00_4:
- Bugfix: After opening the view of a PSM-module three times, the orientation of the
module is still shown correctly
- Bugfix: Changing the temperature unit at a LCP has no effect to the regulation

Changes in V 3.15.00_2:
- Bugfix: 12-digit IP-adresses can be configured in the TCP/IP-configuration dialogue
- When the action "Set Variable Value" is choosen in a Task, a new option "--" can be
configured to make no action in this case
- In the SNMP-configuration the symbol "_" can be used in the configuration of the
communities

New functions in V 3.15.00:
- Flexibly designable webinterface ("Dashboards")
- Mobile website for Android and Windows Phone
- Support of Modbus/TCP
- User management over Radius (only access to website)
- Integration of an Axis-Webcam in the webinterface (not available with Internet
  Explorer)
- Forwarding of traps as SMS
- New functionality with access system: 4-eyes-principle and keypad/handle mapping
- Alarm relay of the CMC III PU individually switchable
- Alarm simulation in the alarm configuration of the sensors
- Support of the new CMC III sensors
- Configuration history via FTP
- Cooling-Configuration as webinterface
- Cooling-Configuration protected with password
- Virtual Devices can be used in LCP and RiMatrix S
- Better overview in the configuration of variables for a chart, setpoints cannot be
  choosen any more
- LCP-Bugfix: Water temperatures "25,4" and "25,5" are displayed and not marked as an
  alarm

Changes in V 3.13.00_2:
- LCP-Bugfix: Improved communication between CMC III PU and water- and fan-board

Changes in V 3.13.00_1:
- Improved functions with DET-AC III
- Alarm-Emails for messages "Lost", "Detected", "Ok" from the sensors
- LCP-Bugfix: Tasks accept LCPs with serial numbers ending with "9"
- Wiegand-interface of the Universalsensor compatible with EKEY Wiegand converter

New functions in V 3.13.00:
- Support of an SD card (not with CMC III Compact)
- Monitoring of the available memory and eject option of the SD card and USB stick
over the webinterface
- "Charts": Logging of measured values on USB stick or SD card and display of graphs
on the webinterface (not with CMC III Compact)
- Firmwareupdate over Webinterface
- Additional languages can be choosen: German, Russian, Chinese, Spanish, French
- "Information"-field in the dialog "Access Configuration" added
- "Logging"-list can be printed as filtered list
- Support of the CAN-Bus DRC 7030.550 (RFID-system)
- New Device Rights-management for users
- New visualisation of Alarm- and Device Rights-Configuration of the sensors
- Graphical differentiation of the both data types "Config" and "Data"
- Expansion of groups to 32 groups
- Expansion of User to 33 User (32 individual User, 1 "admin")
- "Undock"-function to show the graphical sensorinformation in a own window of the
browser (function not supported by Internet Explorer)
- Expansion of possible logical combinations in the Tasks with operators "NOR" and
"NAND"
- New "Delay" function in the Tasks, whith "Switch Off Delay", "Switch On Delay"
and a pulsed switch is possible

Changes in V 3.11.00_5:
- Bugfix: Compatibility with Firefox 25 and Chrome 31
- Connection between FCS and CAN-Bus Unit improved

Changes in V 3.11.00_2:
- Added "Grouping"-function for CAN-Bus Sensor "CMCIII-SEN"
- Bugfix: Sender-Address is transmitted with a E-Mail

Changes in V 3.11.00_1:
- Bugfix: Security hole with wrong LDAP-request closed
- Bugfix: Faster access via FTP

New functions in V 3.11.00:
- Integration of IPv6 (not working with Server-Shutdown)
- DNS: In the general Configuration, servernames can be typed in instead of
IP-addresses (not working in the configuration of the Server-Shutdown)
- Integration of the communication protocol OPC-UA
- User management (only webside login) over LDAP
- Support of the new PSM measurement rails 7859.050 and 7859.053 with CAN-Bus
- Support of the new PSM-MID-Modules 7859.312 and 7859.332
- The unit of the temperature can be choosen between Celsius and Fahrenheit
- The system configurations can be downloaded in a configuration file from the
CMC III Processing Unit and restored again
- The name of the sensors and values are shown in the observation table
- Additional information over the webpage: status of the GSM-Unit, Power on the two
CAN-Bus Ports, System temperature, Power Supply
- The information about Serial Number is now shown in the observation in the
PU information
- Values of the Power Unit are shown in a graphical table
- The Universalsensor 7030.190 can be used as Wiegand-interface
- The Temperature-/Humiditysensor shows the Dew Point (calculated in the sensor)
- Right click in the tree structure or the message list shows different options for
easier management
- After clicking "Reorganize", sensors are acknowledged automatically. The defined
"Alarm Configuration" of the sensors are not set back to default
- Better Logging: More information are written in the Log-list with more information
- Better Overview in the Tasks: In the "Trigger Expression"-area, the actual
Expression is not shown any longer
- The Ethernet-Configuration can be choosen (only via Telnet or USB)
- Actions of sensors or modules can be done over Telnet
- General Software Maintenance
- The internal sensors of the CMC III Processing Unit are not "Lost" any longer
- Bug with the SMTP-communication with "Authentification" is fixed

New functions in V 3.09.00:
- Faster startup-process of the CMC III PU
- New design of the webinterface of the CMC III PU, analog to www.rittal.de
- New reboot function over the network via telnet
- Support of the Fan Control System 7320.810 with the CAN-Bus Unit for 2 channels
7030.030
- New Virtual Device "Access Controller" to switch outlets of CMC III sensors with
a CMC III reader system (Keypad and/or transponderreader)
- Graphical view of the PSM-Modules and tabular view of PSM busbars with
measurement
- Access codes and card codes can be programmed over the webpage
- New shutdown function for servers via RCCMD programmable over Tasks
- Higher number of input variables for Tasks
- PSM-Modules and other switchable outputs can be grouped and beacuse of this
switch together with only one definition. With PSM-Modules, max. 4 ports of one
module should be defined in the same group.