Siemens Industry Online Support
Siemens AG
Entry type: FAQ Entry ID: 17566821, Entry date: 11/12/2003

Safety of electronic controllers ET200 - wire breakage can lead to the setting of outputs.

  • Entry
  • Associated product(s)

How is it possible that an assembly fault with a single or multiple wire breakage in the connection cable (I/O bus) between the ET200 bus modules leads to outputs of the DA 451 being set?

The ET200 system is a single-channel system and not a fail-safe automation system, with serial I/O bus in the lower performance and price range.

The options for recognizing faults and achieving a fail-safe state of operation are limited. Damage to the I/O bus is monitored by the header module IM 318 and indicated by the fault LEDs IM FAULT and BUS FAULT. At the same time the system goes into the safe state STOP and all the outputs are reset with the I/O bus signal "Clear". However, if the bus is interrupted, depending on the type and extent of the damage there might be uncontrollable switch-off transitions on the I/O module.

In extreme cases there might be outputs set even though the IM 318 is switched off. Depending on the task, both active and passive faults can be potentially dangerous faults. This means that unintentional setting of an output can be just as dangerous as unintentional resetting. For this reason when configuring you must divide the plant into "safe" areas and "unsafe" areas. Depending on the degree of danger, you should provide for additional measures for increasing safety (e.g. reading back of outputs or fail-safe, multichannel systems). See here also the fail-safe SIMATIC S5 systems S5-95F and S5-115F.

Information on this is available in the manuals and catalogs in the chapter entitled "Safety of Electronic Controllers" and in SIMATIC Updates:

  • "SIMATIC S5 ET 200 Distributed I/O System " - Entry ID: 1142470
    • Section 3.1.1 General rules and regulations for operation of ET 200
  • SIMATIC Updates "Failure Response of Electronic Controllers" - Entry ID: 5635636
  • Catalog ST 50 SIMATIC S5/PC/TI505 Automation Systems (catalog in paper form)
    • Chapter 12 Annex / Safety of Electronic Controllers
    • Chapter 2 SIMATIC S5-90U, S595U/F, S5-100U / General S5-95F Safety Regulations
    • Chapter 3 SIMATIC S5-115U/H/F / General S5-115F Application Area / Request Classes / Safety-relevant Areas / Non-safety-relevant Areas...
  • S5: Catalog ST 50/505, Edition 2002, on CD ROM - Entry ID: 13293249
  • Catalog ST 50 SIMATIC S5/PC/TI505 Systems
    The catalog is available in the Internet as a PDF file:


    A link to the catalog is also available at "SIMATIC S5-S7 Migration Support"
    • Chapter 3 General S5-115F
      Application Area / Request Classes / Safety-relevant Areas / Non-safety-relevant Areas...
    • The following is no longer included :
      Chapter 12 "Safety of Electronic Controllers", as well as SIMATIC S5-90U, S595U/F, S5-100U, because they have been declared as discontinued. The topic is covered with S5-115F.
  • There is extensive up-to-date information on the S7 automation system, e.g. on ET 200S with fail-safe modules, in the manual "SIMATIC Safety Engineering in SIMATIC S7" - Entry ID: 12490443

Security information
In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art IT security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about cyber security, please visit