(0)| 7/25/2023 2:52 PM | |
I made a connection between a virtual S7-1513 PLC on PLCSIM Advanced and our software which uses a Telegraf input plug-in. The communication type is S7comm (kindly view the link below). Now I want to implement this connection in a project where the client is using an S7-400 PLC. But they have security concerns regarding the communication type. Here are my questions:

1. In the section Properties-Protection-Access Level in TIA Portal v15.1, there is an option "Read Access". Is it used to prevent writing to the PLC?
2. Although I won't be writing to the PLC at the moment, I will need that feature in the future. When writing to the PLC, is there a way to prevent writing to the wrong address? Can this feature be secured so the client can be convinced that it won't break their system internally?

P.S. I would appreciate it if you have a suggestion to do this data exchange without using OPC UA protocol.

Telegraf S7comm Input Plug-in Link: https://github.com/nicolasme/s7comm/blob/main/README.md

Thanks in advance.

Best,
Fatih
| 7/25/2023 6:22 PM | |
Hi Fatih,

The S7comm communication channel is inherently insecure. It was developed at a time when almost no one thought about cybersecurity in relation to machines. The new PLC families use an evolution that takes security into account. For compatibility reasons, it can still be used, but it must be allowed in the configuration. Therefore, as the linked readme explains, PUT/GET must be enabled.

In case of PUT/GET communication, the configured access level has no influence on the communication; it can be established at any time if it is allowed. This type of communication can be either completely restricted or completely open. It is not possible to prevent writing to some addresses.

The system manual "Security with SIMATIC S7-Controllers" describes three types of secure communication supported by the S7-1200/1500:

- Secure PG/HMI communication uses the extended version of S7comm, but since this protocol is not published, you cannot use it in a common way. There are some libraries available that have been reverse engineered, but I cannot recommend using them. And even if you wanted to use it, you would have to customize the Telegraf plugin.
- Secure Open User Communication (OUC) must be programmed on both sides. So you would also need to create a Telegraf plugin.
- Secure OPC UA communication would be ready to use on both sides, but it seems you want to go the hard way.

Kind regards
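A client-side compensating check, as an added example that is not part of the thread or of the Telegraf plug-in: since PUT/GET cannot restrict writes per address on the PLC, the writing application can refuse any address outside a fixed allowlist before anything is sent. The STEP 7 absolute address notation, the allowlist contents and the `send` callback are assumptions made for the example.

```python
import re

# Assumption: STEP 7 absolute DB addressing (DB10.DBX0.1, DB10.DBB2,
# DB10.DBW4, DB10.DBD8). Value = number of bytes the write touches.
WIDTH = {"X": 1, "B": 1, "W": 2, "D": 4}
ADDR = re.compile(r"DB(\d+)\.DB([XBWD])(\d+)(?:\.([0-7]))?")

# Constructed allowlist: DB number -> writable (first_byte, last_byte) ranges.
WRITE_ALLOWLIST = {
    100: [(0, 7)],
    101: [(0, 1), (10, 13)],
}


class WriteRejected(Exception):
    """Raised before anything is sent to the PLC."""


def parse_address(addr):
    """Return (db, first_byte, last_byte) or raise WriteRejected."""
    m = ADDR.fullmatch(addr.strip().upper())
    if not m:
        # Default deny: inputs, outputs, flags (I/Q/M) and typos end up here.
        raise WriteRejected(f"not a DB address: {addr!r}")
    db, kind, offset, bit = int(m[1]), m[2], int(m[3]), m[4]
    if (kind == "X") != (bit is not None):
        raise WriteRejected(f"bit index does not match type: {addr!r}")
    return db, offset, offset + WIDTH[kind] - 1


def check_write(addr, allowlist=WRITE_ALLOWLIST):
    """Accept only writes that lie entirely inside one allowed range."""
    db, first, last = parse_address(addr)
    for lo, hi in allowlist.get(db, []):
        if lo <= first and last <= hi:
            return db, first, last
    raise WriteRejected(f"{addr!r} covers DB{db} bytes {first}-{last}, not allowlisted")


def guarded_write(addr, value, send, allowlist=WRITE_ALLOWLIST):
    """send is a hypothetical callable that performs the actual PUT."""
    check_write(addr, allowlist)
    return send(addr, value)
```

This guards only the application that uses it; any other host that can reach the PLC's PUT/GET interface is not constrained by it.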