Secure legacy drives for today’s market – no hardware changes

Navigating legacy security gaps to meet strict new regulations

Danfoss Drives is a leading provider of industrial automation technology with a long-standing product portfolio trusted across manufacturing, energy, and process industries. Their legacy VLT® drive platforms and MCT10 configuration tools have enabled reliable operations for customers worldwide. 

When new EU cyber regulations (Cyber Resilience Act) came into force, Danfoss faced the challenge of certifying legacy industrial drives to comply with IEC 62443, required for continued market access. 

The existing VLT® Drives and product portfolio relied on industrial communication protocols and hardware architecture never designed with cybersecurity in mind, creating risks for compliance and usability. 

Danfoss set a clear goal: achieve Security Level 1 compliance for VLT® Drives and MCT10 without costly redesigns – safeguarding market access and day-to-day operability. 

Enabling audit-ready cybersecurity for VLT® Drives and MCT10 

Proekspert partnered with Danfoss to lead risk analysis and design security features for both legacy drive platforms and the MCT10 configuration tool. 

Our team, drawing on deep embedded systems experience, identified vulnerabilities and implemented security controls directly in the firmware. For the configuration tool, our engineers integrated advanced access controls and secure authentication into the desktop application. 

We balanced compliance, usability, and deployment realities across both solutions. For the platforms, we replaced complex certificate-based models with role-based access, robust audit logging, and streamlined password authentication – using Mbed TLS and STM Cryptolib for optimal hardware compatibility. 

Throughout, we worked closely with end users and product owners to ensure the final solution supported both remote administration for larger clients and simple local setup for stand-alone applications. 

The result: Audit-ready cybersecurity for VLT® Drives and MCT10 – transparent for certification and practical for daily operations. 

Results: Delivering pragmatic, hardware-level cybersecurity for legacy platforms 

VLT® Drive platforms and the MCT10 configuration tool at Danfoss were upgraded with robust security features – role-based access management, audit logging, and streamlined password authentication. The solution passed TÜV SÜD audit with no major issues, verifying Security Level 1 readiness under IEC 62443. 

Crucially, all compliance upgrades were delivered via software – no hardware redesign, operational disruption, or excessive costs. Security settings are fully configurable for global clients and local installers, supporting flexible deployments to each market context. Proekspert delivered cost-effective, right-sized upgrades, challenging features that didn’t fit business needs or ROI. 

Impact for the client’s business

By modernizing security, Danfoss gained lasting business advantages – not just compliance. 

• Protected revenue and market access: Regulatory compliance secured continued sales in regulated markets, avoiding costly business risks. 
• No hardware redesign needed: Achieved Security Level 1 purely through software upgrades – saving time, cost, and hassle for all stakeholders. 
• Ready for future audits and certifications: Established a repeatable compliance process – future products pass certification faster, with less effort. 

Testimonial

“Proekspert combines deep product knowledge with a pragmatic approach to cybersecurity. Their team supported risk analysis and certification feasibility on legacy platforms, working closely with us to balance compliance, usability, and real customer needs. Together, we created a tailored, audit-ready solution – even when requirements shifted – and avoided costly business disruption. Their hands-on experts ensured our products are fit for today’s market and tomorrow’s regulations.”

Tim Flintholm Fink
Product Owner. HVAC and Aqua Drives, Danfoss Drives

Client

Danfoss Drives is a part of Danfoss, a Danish multinational company with more than 39,000 employees globally. Headquartered in Denmark, Danfoss is active in the manufacturing of components and engineering technologies for refrigeration, air conditioning, heating, motor control, and hydraulics used in off-road machinery. The company provides solutions for renewable energy (solar and wind), as well as district energy infrastructure for cities.

Project duration

1 year+

Technologies

C/C++, Microsoft Foundation Classes (MFC), Windows desktop application, role-based access control, audit logging, IEC 62443 compliance processes, vulnerability and penetration testing tools, Mbed TLS, STM Cryptolib. Threat modeling explored with IriusRisk