Siemens Industry Online Support
Siemens AG
Entry type: Download Entry ID: 109747539, Entry date: 05/17/2017

Download Security Configuration Tool (SCT) V5.0

  • Entry
  • Associated product(s)
Security Configuration Tool V5.0 is now available as a download.   You can use SCT V5.0 with existing configurations.  Existing, older SCT versions can be upgraded for free.  

The version is suitable for the following devices / software:

  • SCALANCE S-600 (V3/V4)
  • SCALANCE M-800
  • CP343-1 Advanced
  • CP443-1 Advanced
  • CP443-1 OPC UA
  • CP1628
  • SOFTNET Security Client


You can find details about the topics below in the manual "Industrial Ethernet Security / Security Basics and Application"

The following features were added:

Operating systems:

  • Microsoft Windows 10 Professional / Enterprise Version 1607 x64
  • Microsoft Windows 10 Enterprise 2015 LTSB
  • Microsoft Windows Server 2012 R2 Standard x64
  • Microsoft Windows Server 2016 x64

The following operating systems require Service Pack 1:

  • Microsoft Windows 7 Professional / Enterprise / Ultimate x64
  • Microsoft Windows Server 2008 R2 Standard x64


  • Adding NAT/NAPT firewall rules above the existing firewall rules


  • Global use of VPN groups certificate tool
    SCT groups CAs can be imported and used in TIA


  • Support of the SHA2 signature algorithm for device certificates

The following features are no longer supported

Operating systems:

  • Microsoft Windows XP x32
  • Microsoft Windows 7 Professional / Enterprise / Ultimate x32

The following operating systems without Service Pack 1:

  • Microsoft Windows 7 Professional / Enterprise / Ultimate x64
  • Microsoft Windows Server 2008 R2 Standard x64


  • SCALANCE S-600 (V1/V2)


  • Adding NAT/NAPT firewall rules below the existing firewall rules

The following faults have been corrected:

  • SNMPv1 community string
    The space character can be used.
    The ‘ and " characters can no longer be used.
    The SNMPv1 community string "private" can no longer be used for reading when write access is disabled.
  • VPN Phase 2 changes made
    Relevant for pfs, AES deployment in Phase 2 of a VPN group.
    If the DH group is changed, the changed DH group is now implemented.
    The configure key length for AES is not implemented.

The following security fixes and improvements are included:

Correction of SSA-275839: Denial-of-Service Vulnerability in Industrial Products

Security information:

This update contains safety-relevant changes which improve robustness against possible attacks. We therefore recommend you update the firmware.

Third-party software - license conditions and copyright notes

You can find the copyright notes on the third-party software, especially Open Source Software, as well as applicable license conditions for this type of third-party software in the file ReadMe_OSS.

Special note for resellers

The information and the license conditions in the ReadMe_OSS file must be passed on to the purchasing party to avoid license infringements by the reseller or purchasing party.

Registrierung notwendig ReadMe_OSS.htm (276.7 KB)

Please read the notes on the installation in the product documentation.

You can download the file here.

Download unterliegt Exportcontrolle SIMATIC_NET_Security_Configuration_Tool_V5_0_0_0.exe (483.9 MB)

Note: Software is subject to export restrictions, download only for registered users

Since there may be changes on short notice, you will find the current version of the readme file with the following link: 63111903

Contact for technical issues: Customer Support, DF CS SD CCC TS, Contact form

Security information
In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art IT security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about cyber security, please visit
Rate entry
no rating
Requests and feedback
What do you want to do?
Note: The feedback always relates to the current entry / product. Your message will be forwarded to our technical editors working in the Online Support. In a few days, you will receive a response if your feedback requires one. If we have no further questions, you will not hear from us.