Siemens Industry Online Support
Siemens AG
Entry type: FAQ Entry ID: 109748190, Entry date: 07/07/2017

How do you prevent write access to the outputs of your Modbus slave (S7-1500 / S7-1200)?

  • Entry
  • Associated product(s)
The Modbus instructions "MB_SERVER" V4.2 and higher and "Modbus_Slave" V3.0 and higher enable you to parameterize the valid address area of the outputs to prevent unauthorized access to the process image outputs of the Modbus master (via function code 5 or 15).

In STEP 7 V14 SP1 you can use the following Modbus instructions to define the supporting interfaces of the SIMATIC S7-1500, S7-1200 and ET200SP as Modbus slave or Modbus TCP server:

  • Modbus TCP instructions "MB_SERVER" V4.2 for supporting Ethernet interfaces
  • Modbus (RTU) instruction "Modbus_Slave" V3.0 and higher for supporting serial interfaces

The Modbus TCP instruction "MB_SERVER" V4.2 is in STEP 7 V14 SP1 in the library "MODBUS TCP" V4.2. The library "MODBUS TCP" can be found under "Instructions > Communication > Other".

The Modbus (RTU) instruction "Modbus_Slave" V3.0 is in STEP 7 V14 SP1 in the library "MODBUS (RTU)" V3.1. The library "MODBUS (RTU)" can be found under "Instructions > Communication > Communications Processor".

Fig. 01

For this your project has to be upgraded to at least TIA Portal V14 SP1.

Integrate the block in your project and define the instance before opening the instance data of the "MB_SERVER" V4.2 and higher or "Modbus_Slave" V3.0 and higher.

Fig. 02

Via the start values of the following static variables you can define the permissible address area for write access to the outputs.

VariableData typeDefault valueDescription
QB_StartWord0Start address of the valid address area of the outputs
(Byte 0 to 65535)
QB_CountWord0xFFFFNumber of output bytes that can be addressed by the Modbus master or Modbus TCP client

With "QB_Start" = 0 and "QB_Count" = 10, the output bytes 0 to 9 can be written by the Modbus master or Modbus TCP client.
Select "QB_Count" = 0 to block all output bytes for write access by the Modbus master or Modbus TCP client.

If write access is attempted to blocked address areas of the outputs, the instructions "Modbus_Slave" and "MB_SERVER" issue the error code ("STATUS") 16#8383: "Invalid data address in the request frame".
The instructions "Modbus_Master" and "MB_CLIENT" also issue this error code with use on the other side.

Further Information
Detailed information about the following instructions is available in the manual "STEP 7 Professional V14 SP1":

Creation Environment
The screens in this FAQ response were created in STEP 7 V14 SP1 (TIA Portal).

Security information
In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art IT security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about cyber security, please visit