Siemens Industry Online Support
Siemens AG
Entry type: FAQ, Entry ID: 55652799, Entry date: 11/07/2011

Which security mechanisms does the TeleControl Basic system offer?

The TELECONTROL SERVER BASIC software connects up to 5000 SIMATIC S7 controllers to a central unit by means of the GSM/GPRS cellular radio standard. This permits cost-effective implementation of telecontrol solutions for logistics, maintenance/servicing and energy optimization.
The MD720-3 modem serves as the interface for connecting the S7-200. The CP1242-7 is available for integration in the S7-1200. The software also permits worldwide teleservice over STEP 7 with the S7-1200, over GPRS and the internet.
Beyond simple, small telecontrol applications, system integrators and system houses can offer services to their customers, with the various services split into customer groups.

The TeleControl Basic system has the following features for secure communication over WAN:

| No. | Feature | Description |
|-----|---------|-------------|
| 1 | Authorized phone numbers (CLIP list) | Access to stations of the type S7-1200 with CP1242-7 is restricted to phone numbers stored in the CP's configuration. This prevents unauthorized waking of the station and spamming. |
| 2 | Password-protected logon of the CP1242-7 on the telecontrol server | Only stations in which the correct password is configured can log onto the telecontrol server. This prevents third-party stations from illegally entering the control system. |
| 3 | User administration in the TeleControl Server Basic software | Users and passwords: The engineers are assigned different roles. Access is password-protected. User rights: Different user types are given different rights. Only authorized users can make changes to the configuration on the telecontrol server. |
| 4 | Password-protected TeleService (users and passwords) | You can also create several of your own users per CP1242-7 who can log onto a TeleService session and whose access is permitted by means of a special password. This excludes unauthorized TeleService access. |
| 5 | Support of standard SIM cards | If you use standard SIM cards with data rate, most providers prevent access from outside to the IP addresses of the substations when using the public APNs. It is therefore impossible to access the substations from the internet. |
| 6 | Data encryption | The protocol between substation and the telecontrol server uses a simple encryption mechanism. This means that it is not easily possible for third parties to read the data stream. |
| 7 | Stations logged on temporarily | The substations can be configured as temporary stations (CP1242-7). This means that connections are established only when necessary. There are no unnecessary connections which can be manipulated. |
| 8 | Support of private provider APNs | When using private provider APNs, the network operator provides a closed network that does not permit access from the outside. |

Note on security
The functions and solutions described in this article confine themselves predominantly to the realization of the automation task. Furthermore, please take into account that corresponding protective measures have to be taken in the context of Industrial Security when connecting your equipment to other parts of the plant, the enterprise network or the Internet. Further information can be found in Entry ID: 50203404.

Security information
In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about industrial security, please visit