Field devices that are used in industrial installations are already known from the prior art. In many cases, field devices are used in automation technology, just as in manufacturing automation. Field devices, in general, refer to all devices which are process-oriented and which process or supply process-relevant information. Field devices are thus used for detecting and/or influencing process variables. Measuring devices, or sensors, are used for detecting process variables. These are used, for example, for pressure and temperature measurement, conductivity measurement, flow measurement, pH measurement, fill-level measurement, etc., and detect the corresponding process variables of pressure, temperature, conductivity, pH value, fill-level, flow, etc. Actuators are used for influencing process variables. These are, for example, pumps or valves that can influence the flow of a fluid in a pipe or the fill-level in a tank. In addition to the measuring devices and actuators, field devices are also understood to include remote I/O's, radio adapters, or, generally, devices that are arranged at the field level.
A variety of such field devices are produced and marketed by the Endress+Hauser group.
In modern industrial plants, field devices are usually connected to superordinate units via communications networks, such as fieldbuses (Profibus®, FOUNDATION® Fieldbus, HART®, etc.). Higher-level units are control units, such as an SPS (storage programmable controller) or a PLC (programmable logic controller). The higher-level units are used for, among other things, process control, as well as for commissioning of the field devices. The measured values detected by the field devices—in particular, by sensors—are transmitted via the respective bus system to a (or possibly several) higher-level unit(s) that further process the measured values, as appropriate, and relay them to the control station of the plant. The control station serves for process visualization, process monitoring, and process control via the superordinate units. In addition, a data transfer is also required from the superordinate unit via the bus system to the field devices—in particular, for configuration and parameterization of field devices, as well as for control of actuators.
At the field device, operating software—more precisely, what is known as firmware—is implemented for executing functions of the field device, e.g., pertaining to its measuring function, but also its human/machine interface (HMI) or its graphical user interface (GUI), as well as its interface to a superordinate unit. To provide new functions and/or to correct errors or security holes, an updated version of the firmware with which the old version of the firmware that is located on the field device should be overwritten is provided by the field device manufacturer at more or less regular time intervals.
In many industrial installations, the installation operator reviews the firmware before installing it, and only then grants a release to update the field devices. A secure operation of the installation is important to the installation operator; at the same time, however, he would like to avoid a change to a measuring operation of his field devices that is typically error-free. At present, it could very well happen that an employee accidentally installs a new version of firmware, although this has not yet been approved for the installation.
There is currently no solution for the problem that the installation operator would, on the one hand, actually like to continue to work with the old version of the firmware in order to leave the measuring function of a field device unchanged, but, on the other hand, requires a newer version of the firmware in order to close security gaps.
Furthermore, the danger exists that an unauthorized individual might transfer potentially harmful firmware to the field device, with the aid of which he may, for example, read out confidential information, e.g., parameter settings, or that he might sabotage the operation of the field device—for example, by deactivating measuring and/or safety functions.