Siemens Industry Online Support
Siemens AG
Entry type: FAQ Entry ID: 10154913, Entry date: 10/10/2011

How can you activate the protection level with a password in the HW Config for an S7 CPU?

  • Entry
  • Associated product(s)

The table below shows the three different ways of protecting your S7 program against unauthorized access.

Type of access protection

Configuring access protection

Online protection against access to the CPU

The protection level and the input of a password for online access protection is entered in the CPU's object properties in the HW Config.

Encrypted block protection
(STEP 7 V5.5 onwards)

You must install the "S7 Block Privacy" program from the STEP 7 V5.5 DVD before you can configure encrypted block protection. Then you can configure block protection in the SIMATIC Manager by way of "Tools > Block protection...". More information is available in Entry ID: 45632073.

Assigning a password.
The block protection can only be removed again by entering a password.

(STEP 7 V4.0.2 onwards)

A source is generated for the block to be protected. In this source block the keyword "KNOW_HOW_PROTECT" is entered in the declaration part. The block is protected after compiling the source. More information is available in Entry ID: 10025431

Issuing a password is not supported.
The Know-How protection cannot be deactivated without the STL source.

The password protection for the STEP 7 online functions is a protection against access to the CPU.
Using the password protection you can

  • Protect the user program and data in the CPU against unauthorized changes (write protection).
  • Protect the know-how contained in your user program (read protection).
  • Prohibit online functions that would damage the process.

The steps below describe how to configure password protection in your CPU.

  1. Double-click the CPU to open the properties of your CPU in the hardware configuration.
  2. Switch to the "Protection" tab and parameterize the desired protection level.

    Fig. 01
  3. Close the the dialog with OK and save and compile the HW Config.
  4. Load the HW Config into the CPU.

Depending on the protection level set, a check is performed before every online function to establish whether the function is allowed to be executed at the selected protection level. Consequently, as from protection level 2 a password must be entered for every write-access before executing the function. Depending on the protection level set, diagnostic functions can be performed and variable declaration tables can be read out. For example, protection level 3 permits the diagnostic buffer to be read out. You can call up the dialog box for entering the password directly via "PLC > Access Authorization > Setup". No further password queries appear until the SIMATIC Manager session is terminated or unless the password entry is cancelled with "PLC > Access Authorization > Cancel".

You can only protect the program with a password in a module if the module supports this functionality.

  • All 300-series CPUs delivered since 04/98 support this functionality.
  • All 400-series CPUs delivered since 03/98 support this functionality.
  • STEP 7 supports this functionality as from version V4.0.2.

Enabling Protection Level 2 (write protection) via the STEP 7 program
If you have set Protection Level 1 in the HW Config, you can use the SFC 109 "PROTECT" system function to switch to Protection Level 2 or back again to 1. Calling SFC 109 has no effect in the cases below:

  • If you have set Protection Level 2 or 3 in the HW Config.
  • If you have set Protection Level 1 with the "Can be bypassed with password" option (Fig. 1) in the HW Config.

More information on SFC109 "PROTECT" and how to parameterize is available in the STEP 7 Online Help by marking the SFC109 in the SIMATIC Manager and pressing the "F1" key. As from STEP 7 V5.4+SP2 this system function is included in the Standard Library.

Creation environment
The figures in this FAQ were created with STEP 7 V5.5.

Security information
In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art IT security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about cyber security, please visit