Skip to Content

SiePortal

The integrated platform for your product selection, buying and support workflow - bringing together Industry Mall and Online Support.

SiePortalDeutsch

Search

Home
Support Support
{{(apiData.Support | filter:{'rank':1}:true)[0].title}} Support
- Menu temporary not available
- Menu temporary not available
- Menue temporary not available
- {{item.title}}

Products & Services
- Menu temporary not available
- Menue temporary not available
- {{item.title}}
Support Support
{{(apiData.Support | filter:{'rank':1}:true)[0].title}} Support
- Menu temporary not available
- Menue temporary not available
- {{item.title}}
MySiePortal MySiePortal
{{(apiData.MySiePortal | filter:{'rank':1}:true)[0].title}} MySiePortal
- Menu temporary not available
- Menue temporary not available
- {{item.title}}
Cart ({{apiData.CartCount}})

Navigation

Simple Sample and TIPs - STEP 7 - Security settings wizard

Created by: Denilson Pegaia at: 12/9/2024 11:30 AM (1 Replies)

Rating (0)

Thanks 3

2 Entries

12/9/2024 11:30 AM	Rate (0)
Denilson Pegaia Diamond Expert Joined: 9/23/2005 Last visit: 1/15/2026 Posts: 4447 Rating: (1487)	Hi As new versions are developed, Siemens has implemented a series of cybersecurity mechanisms in its controllers. Special focus has been placed on access security. To increase security and facilitate these configurations, from STEP 7 V17 onwards a security wizard is presented to the programmer when inserting a CPU into the project. From TIA V20 onwards, new steps have been introduced to facilitate the management of users and their accesses. Wizard steps: Protection of confidential PLC data (S7-1200, S7-1200 G2, S7-1500): e.g. password for store data like certificates. This password is not stored in the SD card, so you need to reinsert this password if you exchange the CPU. See alternatives to re-enter the password in https://support.industry.siemens.com/cs/br/pt/view/109799540 Mode for PG/PC and HMI communication (S7-1200, S7-1200 G2, S7-1500): safety communication for download and data access (S7 protocol). Security settings may interfere with communication with older HMIs or those from other manufacturers. See alternatives for these cases in the FAQ https://support.industry.siemens.com/cs/br/pt/view/109803668/en PLC access protection (S7-1200, S7-1200 G2, S7-1500): General definition to restrict access (who) to the PLC. There are three choices, that will be defined in details on the next steps: Disabled: no access restriction Enabled: based on users x password x rights Enabled + Use access control via access level: (legacy), in this case the restriction is based on 4 levels x password general table. User management configuration (NEW IN TIA V20) (S7-1500): define if the users x password x rights definitions will be stored in the controller and / or if they will be read from a network server (UMC). Connection to User Management server (NEW IN TIA V20) (S7-1500): access definition to the UMC server Administrator Setup (NEW IN TIA V20) (S7-1200, S7-1200 G2, S7-1500): create / add users that have administrator access to the PLC: Access without authentication (anonymous mode) (NEW IN TIA V20) (S7-1200, S7-1200 G2, S7-1500): set if an anonymous user could access the controller Access control via access level (traditional legacy access level table) (S7-1200, S7-1200 G2, S71500) Tips: More information on the topic can be found in the online system help at https://docs.tia.siemens.cloud/search/all?query=Security+settings+wizard&content-lang=en-US especially for the first three topics: Using the Security settings wizard (S7-1200) https://docs.tia.siemens.cloud/r/en-us/v20/functional-description-of-s7-1200-cpus-s7-1200/setting-the-operating-behavior-s7-1200/protection-security-s7-1200/using-the-security-settings-wizard-s7-1200 Using the Security settings wizard (S7-1500) https://docs.tia.siemens.cloud/r/en-us/v20/functional-description-of-s7-1500-cpus-s7-1500/setting-the-operating-behavior-s7-1500/protection-security-s7-1500/using-the-security-settings-wizard-s7-1500 Using the security wizard to set PLC security settings https://docs.tia.siemens.cloud/r/simatic_s7_1200_manual_collection_enus_20/device-configuration/protection-security/using-the-security-wizard-to-set-plc-security-settings The wizard can be run at any time via the “Start security wizard” button in the CPU properties > Protection and security. The same settings can be made via the individual CPU properties (in the same place ) and the general settings for users, passwords and access rights (directory tree > security settings > users and roles). If you are not interested in setting a password or enabling any PLC safety interlock (for example for quick internal tests, for study purposes, etc.) use the following settings during the execution of the wizard: Protection of confidential PLC data: uncheck the option “Protects the PLC configuration data from the TIA Portal project and the PLC” Mode for PG/PC and HMI communication: uncheck the option “Only allow secure PG/PC and HMI communication” PLC access protection: check the option “Disable access control”, uncheck the option “Use access control via access control levels)
	Denilson Pegaia Siemens Industry Sector Technical Support
Suggestion To thank Quote Answer
This contribution was helpful to 3 thankful Users Moderator_Lan KalaDGT MindFlayer

1/15/2026 9:41 AM	Rate (0)
Denilson Pegaia Diamond Expert Joined: 9/23/2005 Last visit: 1/15/2026 Posts: 4447 Rating: (1487)	Hi As from TIA V21, there are one important improvement in the Security settings wizard: In the Protection of confidential PLC data (S7-1500, S7-1200 G2): there is an additional parameter (Additional protection of downloadable configuration data) that when activated encrypted the configuration data in the SIMATIC.S7S folder on the SIMATIC Memory Card and can only be decrypted with the password for protection of confidential configuration data. TIPs If you revoke or add the setting for protection of all data, the contents of the SIMATIC.S7S folder on the SIMATIC Memory Card will be deleted at the next download to the CPU. Other files, such as recipes or backup files on the SIMATIC Memory Card, are not deleted. After the deletion, the CPU performs a restart. If you have activated protection for the entire configuration, you will need the assigned password to upload from a SIMATIC memory card to STEP 7. Without a password, uploading from a SIMATIC memory card to STEP 7 is no longer possible, even that the user has access to the controller’s SD cart More references could be found in online documentation, in https://docs.tia.siemens.cloud/r/simatic_s7_1500_et_200mp_manual_collection_enus_21/comprehensive-information/communication-function-manuals/communication/communications-services/secure-communication/requirements-for-secure-communication/protection-of-confidential-configuration-data Attachment Screenshot 2026-01-15 064003.png (0 Downloads)
	Denilson Pegaia Siemens Industry Sector Technical Support
Suggestion To thank Quote Answer

|

Share this page:

Share this page on...

Follow us on