TLS-based PG/HMI Communication and the Protection of Confidential PLC Configuration Data
Siemens TIA Portal V17 / S7-1500 PLC / TP1200 Comfort Panel
Siemens Industry Online Support
https://support.industry.siemens.com/cs/ww/en/view/109798583
Legal information
Use of application examples
Application examples illustrate the solution of automation tasks through an interaction of several components in
the form of text, graphics and/or software modules. The application examples are a free service by Siemens AG
and/or a subsidiary of Siemens AG ("Siemens"). They are non-binding and make no claim to completeness or
functionality regarding configuration and equipment. The application examples merely offer help with typical
tasks; they do not constitute customer-specific solutions. You yourself are responsible for the proper and safe
operation of the products in accordance with applicable regulations and must also check the function of the
respective application example and customize it for your system.
Siemens grants you the non-exclusive, non-sublicensable and non-transferable right to have the application
examples used by technically trained personnel. Any change to the application examples is your responsibility.
Sharing the application examples with third parties or copying the application examples or excerpts thereof is
permitted only in combination with your own products. The application examples are not required to undergo the
customary tests and quality inspections of a chargeable product; they may have functional and performance
defects as well as errors. It is your responsibility to use them in such a manner that any malfunctions that may
occur do not result in property damage or injury to persons.
Disclaimer of liability
Siemens shall not assume any liability, for any legal reason whatsoever, including, without limitation, liability for
the usability, availability, completeness and freedom from defects of the application examples as well as for
related information, configuration and performance data and any damage caused thereby. This shall not apply in
cases of mandatory liability, for example under the German Product Liability Act, or in cases of intent, gross
negligence, or culpable loss of life, bodily injury or damage to health, non-compliance with a guarantee,
fraudulent non-disclosure of a defect, or culpable breach of material contractual obligations. Claims for damages
arising from a breach of material contractual obligations shall however be limited to the foreseeable damage
typical of the type of agreement, unless liability arises from intent or gross negligence or is based on loss of life,
bodily injury or damage to health. The foregoing provisions do not imply any change in the burden of proof to
your detriment. You shall indemnify Siemens against existing or future claims of third parties in this connection.
© Siemens AG 2021 All rights reserved
Other information
Siemens reserves the right to make changes to the application examples at any time without notice. In case of
discrepancies between the suggestions in the application examples and other Siemens publications such as
catalogs, the content of the other documentation shall have precedence.
The Siemens terms of use (https://support.industry.siemens.com) shall also apply.
Security information
Siemens provides products and solutions with Industrial Security functions that support the secure operation of
plants, systems, machines and networks.
In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement –
and continuously maintain – a holistic, state-of-the-art industrial security concept. Siemens’ products and
solutions constitute one element of such a concept.
Customers are responsible for preventing unauthorized access to their plants, systems, machines and networks.
Such systems, machines and components should only be connected to an enterprise network or the Internet if
and to the extent such a connection is necessary and only when appropriate security measures (e.g. firewalls
and/or network segmentation) are in place.
For additional information on industrial security measures that may be implemented, please visit
https://www.siemens.com/industrialsecurity.
Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly
recommends that product updates are applied as soon as they are available and that the latest product versions
are used. Use of product versions that are no longer supported, and failure to apply the latest updates may
increase customer’s exposure to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial Security RSS Feed at:
https://www.siemens.com/industrialsecurity.
Table of contents
Legal information
1 Introduction
1.1 Overview
1.2 Mode of Operation
1.3 Components Used
2 New Security Features for PLC and HMI panel in TIA Portal V17
2.1 "Security-By-Default" Concept
2.2 Secure PG/PC and HMI Communication
2.2.1 Transport Layer Security - TLS
2.2.2 Secure Communication Mechanism
2.3 Protection of the PLC Confidential Configuration Data
2.4 Security Wizard
2.5 Communication Compatibility
3 Engineering
3.1 Project Preparation
3.2 SIMATIC Controller Configuration
7.2 Changing the password to protect confidential PLC Configuration Data (S7-1200 PLC, S7-1500 PLC)
7.2.1 Change Password - Configuration is not yet loaded
7.2.2 Change Password - Configuration is already loaded
7.3 Resetting the password to protect confidential PLC Configuration Data (S7-1200 PLC, S7-1500 PLC)
7.3.1 Resetting the password - Configuration is not yet loaded
7.3.2 Resetting the password - Configuration is already loaded
7.3.3 Resetting the password using SIMATIC Memory Card
7.4 Tips for Error Avoidance and Error Handling
7.5 Using Legacy PG/PC Communication in TIA Portal
7.6 TIA Portal V17 Project Description
7.6.1 Overview
7.6.2 The "SimulatedDrive" function block
7.6.3 The "SimulatedDriveData" global data block
8 Appendix
8.1 Service and support
8.2 Industry Mall
8.3 Links and literature
8.4 Change documentation
1 Introduction
1.1 Overview
Task
Digitalization and the growing networking of machines and industrial systems also mean an
increase in the risk of cyberattacks. Appropriate protective measures are imperative, especially
for critical infrastructure facilities.
Approach
As a pioneer in industrial security, Siemens has always aimed to provide holistic, state-of-the-art solutions
to ensure maximum protection of machines and plants. For this reason, Siemens has introduced new security
features in TIA Portal V17. These features protect the communication data against eavesdropping and
manipulation by means of TLS encryption and integrity protection, and they protect machines and software
against unauthorized access.
Solution Description
This application example describes the new security functions that have been introduced with
TIA Portal V17 and how to apply them on S7-1500 PLCs in connection with HMI panels. The
user will learn how to use the newly introduced security wizard that helps with the security
configuration of the PLC. The security configuration includes the following configuration steps:
• Protect the confidential configuration data of the PLC.
Diagram
The following figure shows the most important components of the solution:
Figure 1-1: S7-1500 PLC and TP1200 Comfort Panel connected via Industrial Ethernet
Implemented Functions
The following functions are implemented in the application example:
• Configuration of the following S7-1500 PLC security features using the security wizard:
– The protection of the confidential configuration data of the PLC.
– The secure connection to the HMI panel using digital certificates.
– The PLC access protection.
• Configuration of the HMI panel for secure connection with the S7-1500 PLC. This includes
the following possibilities:
– The PLC and the HMI panel are in the same TIA Portal project.
– The PLC and the HMI panel are in different TIA Portal projects.
– The HMI panel is not configured with TIA Portal.
– The PLC is connected to WinCC SCADA V7.
• The steps required to replace an older CPU with a new one can be performed using one of
the following methods:
– Download the TIA Portal project directly to the new PLC.
– Go online to the new CPU to set the password and use the SIMATIC Memory Card of
the old CPU.
– Use an additional SIMATIC Memory Card and a special JOB file.
It is then possible to use the SIMATIC Memory Card of the old CPU in the new CPU.
• Update of the firmware version of the PLC and the HMI panel.
NOTE This application example can also be used as a basis for securely connecting other types of
SIMATIC controllers and HMI panels. See chapter 7.1 for a complete list of devices that
support the secure PG/PC and HMI communication feature.
• The predefined secure PG/PC and HMI communication, which prevents legacy PG/PC
communication with other partners. See chapter 2.2.
However, integrating machines and systems into an open IT environment requires that the
communication between the programming device or HMI panel and the PLC be secured, in the sense
of maintaining the integrity and confidentiality of sensitive data. It also requires that this
security meet generally accepted standards and is thus ready for the challenges of the future.
As of TIA Portal V17, PG/PC and HMI communication has been improved: the Transport Layer
Security protocol (TLS) is used to secure PG/PC and HMI communication using standardized
security mechanisms.
TLS is designed to provide communication security over a computer network. This security is
realized by the following elements:
– Confidentiality: the data is encrypted and therefore unreadable to unauthorized eavesdroppers.
– Integrity: the message that leaves the sender arrives at the recipient unchanged. In other
words, the message has not been manipulated in transit.
– Endpoint authentication: the communication partner at the other end point is exactly who it
claims to be. The identity of the partner is verified.
TLS uses digital certificates to authenticate the partners and to negotiate the session keys that
encrypt and integrity-protect the data. In TIA Portal V17, the user has the option of using
individual, device-specific certificates for the communication partners, which provides an extra
layer of security: if the private key of one device is compromised, the other devices are not
affected, because each uses its own key pair and certificate. The certificates can be imported or
created in TIA Portal with the certificate manager. For more information on using certificates in
TIA Portal, refer to the following link: \3\.
The basis of secure PG/PC and HMI communication is that the PG and HMI panel can verify the
authenticity of the PLC using the PLC communication certificate that the PLC sends when
establishing communication and considers this PLC to be "trustworthy". Secure PG/HMI
communication is only possible when the PG and HMI panel trusts the PLC.
During connection setup, the PLC transfers the PLC communication certificate to the
communication partner (PG or HMI panel).
To ensure that communication between the PLC and a programming device or HMI is secured,
the PLC must first have a certificate. However, this certificate is only issued when the project is
loaded into the PLC. In the following, the secure communication between PG or HMI panel and
the PLC is explained.
Provisioning Phase
The following figure explains the process of the initial connection establishment from the PG or
HMI panel to the PLC also known as "provisioning phases".
Figure 2-1: Provisioning phase. The PLC generates a self-signed certificate and sends it in response to the connection establishment; once the project data is loaded, the implicitly configured PLC certificate for PG/PC and HMI communication is used instead.
The first connection establishment for the initial loading to the PLC is secured by the TLS procedure
in terms of secure PG/PC and HMI communication. The PG sends a connection establishment
request to the PLC.
The PLC uses its manufacturer device certificate (if available) or a self-signed certificate to
establish this connection. The PLC can only be used to a limited extent in this phase. At this
point, the PLC waits for the provision of the password-based key information, i. e. the PLC is
expecting the password for the PLC confidential configuration data (see chapter 2.3). This phase is
therefore called the provisioning phase. A message in the diagnostic buffer indicates that the PLC is
in the provisioning phase.
The PLC sends its certificate to the PG, where the user must manually trust it for the initial
download process to continue. This needs to be done only once, during the initial download.
When a project is loaded into the PLC, the PLC receives the project data:
• Hardware configuration including configured certificates for secure communication (OPC
UA, HTTPS, Secure OUC, secure PG/PC and HMI communication)
• User program
NOTE If you do not protect the confidential PLC configuration data with a password, there is no
need to enter the password when loading the CPU for the first time. This has no influence on
the flow of the PG/PC and HMI communication. If the confidential PLC configuration data
password is not configured, the PLC will leave the provisioning phase and continue to be
operational. In this case the confidential PLC configuration data (e. g. private keys) are not
protected against unauthorized access (see chapter 2.3).
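The trust decision described in this chapter (the PG or HMI panel accepts the PLC's self-signed certificate once during the initial download and from then on expects exactly the certificate it knows, either from that confirmation or from the project) as an added Python example. This is not code from the Siemens application example; the device names, the byte strings standing in for DER-encoded certificates, and the fingerprint store are assumptions for the demo. TIA Portal and WinCC keep their trust lists in their own project data.

```python
"""Trust-on-first-use (TOFU) check for a PLC communication certificate.

Added example, not code from the Siemens application example. It models the
decision a PG or HMI panel takes in chapter 2.2.2: during the provisioning
phase the PLC presents a self-signed certificate that the user must confirm
once; afterwards the partner expects exactly the certificate it knows.
"""
import hashlib
import hmac
from enum import Enum


class Verdict(Enum):
    TRUSTED = "certificate matches the stored fingerprint"
    UNKNOWN = "first contact: the user must confirm the certificate"
    MISMATCH = "certificate differs from the stored one"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER bytes identifies a certificate regardless of its subject name."""
    return hashlib.sha256(cert_der).hexdigest()


class TrustStore:
    """Fingerprints the PG/HMI panel considers trustworthy, keyed by device name (assumed layout)."""

    def __init__(self) -> None:
        self._pins: dict[str, str] = {}

    def check(self, device: str, cert_der: bytes) -> Verdict:
        pinned = self._pins.get(device)
        if pinned is None:
            return Verdict.UNKNOWN
        if hmac.compare_digest(pinned, fingerprint(cert_der)):
            return Verdict.TRUSTED
        return Verdict.MISMATCH

    def trust(self, device: str, cert_der: bytes) -> None:
        """Record a certificate: the user's 'consider trustworthy' decision, or the
        configured certificate taken from the project or device proxy."""
        self._pins[device] = fingerprint(cert_der)

    def forget(self, device: str) -> None:
        """Deliberate step before re-trusting, e.g. after the CPU was replaced."""
        self._pins.pop(device, None)


def connect(store: TrustStore, device: str, cert_der: bytes, user_accepts: bool) -> Verdict:
    """Policy: TRUSTED proceeds; UNKNOWN proceeds only with the user's confirmation,
    which pins the certificate; MISMATCH is never accepted on its own."""
    verdict = store.check(device, cert_der)
    if verdict is Verdict.UNKNOWN and user_accepts:
        store.trust(device, cert_der)
        return Verdict.TRUSTED
    return verdict


# Constructed stand-ins for DER certificates (real ones are ASN.1 blobs).
SELF_SIGNED_CERT = b"constructed: self-signed provisioning certificate of PLC_1"
PROJECT_CERT = b"constructed: PLC communication certificate from the project"
FOREIGN_CERT = b"constructed: certificate of some other CPU on the network"


def walkthrough() -> list:
    """Replay the sequence from the page and return the verdict at each step."""
    store = TrustStore()
    steps = []
    # 1. Initial download: the PLC is in the provisioning phase, the warning appears.
    steps.append(store.check("PLC_1", SELF_SIGNED_CERT))            # UNKNOWN
    steps.append(connect(store, "PLC_1", SELF_SIGNED_CERT, True))   # user confirms -> TRUSTED
    # 2. Project loaded: the configured certificate replaces the self-signed one.
    #    The PG knows it from the project, so it is pinned without a warning.
    store.trust("PLC_1", PROJECT_CERT)
    steps.append(connect(store, "PLC_1", PROJECT_CERT, False))      # TRUSTED
    # 3. Another device answers under the same name: never silently accepted,
    #    not even if the operator clicks "trust".
    steps.append(connect(store, "PLC_1", FOREIGN_CERT, True))       # MISMATCH
    # 4. CPU replaced: forget the old pin, then a deliberate first contact again.
    store.forget("PLC_1")
    steps.append(connect(store, "PLC_1", SELF_SIGNED_CERT, True))   # TRUSTED
    return steps


if __name__ == "__main__":
    for verdict in walkthrough():
        print(verdict.name, "-", verdict.value)
```

The point of the model is step 3: once a certificate is pinned, a different certificate under the same device name is reported as a mismatch rather than re-prompting the user, so an attacker who answers in place of the PLC cannot simply trigger another "trust this certificate" dialog. The only way to accept a new certificate is the explicit forget-and-re-trust sequence, which is what a CPU replacement legitimately requires.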
Figure 2-3: Connection establishment after the PLC is configured. The PG or HMI panel sends a connection establishment request; the PLC answers with the PLC communication certificate known from the configuration.
NOTE The security wizard opens automatically when a new PLC is added to the TIA Portal project.
Alternatively, it is possible to start the security wizard manually in the properties menu of the
PLC. In the properties menu of the PLC, navigate to "Protection & Security" and click the
"Start security wizard" button to start the security wizard.
Figure 2-6
You have the option of connecting an S7-1500 PLC V2.9 or S7-1200 PLC V4.5 to a current
programming device with TIA Portal V17 or higher and additionally, for example, to an HMI
panel with a runtime from the previous version.
The devices automatically adjust their connection mechanisms accordingly. To be able to better
differentiate between the two connection mechanisms, we call the procedure of connecting to
previous versions "Legacy Mode" which is based on a variant of S7 communication.
There are two modes of operation for the SIMATIC controllers in TIA Portal V17:
• Only via secure TLS-based PG/PC and HMI communication ("Secure Mode").
• Both via secure PG/PC and HMI communication and via the previously used PG/PC and
HMI communication ("Secure Mode" and "Legacy Mode"). This mode is also called "Mixed
Mode".
Taking the above into consideration, we can summarize how the communication compatibility
behaves in different scenarios:
• PG/HMI panel and PLC are configured in TIA Portal V17 or higher: the secure TLS-based
PG/PC and HMI communication is used ("Secure Mode").
• PG/HMI panel is configured in a previous version (TIA Portal < V17): "Legacy Mode" is used,
provided that you have deactivated the option "Only allow secure PG/PC and HMI
communication" in the PLC properties.
• PLC is configured in TIA Portal V17 or higher and several PGs and HMI panels are
connected, some configured in TIA Portal V17 or higher and some in previous versions
(TIA Portal < V17): "Mixed Mode" is used, provided that you have deactivated the option "Only
allow secure PG/PC and HMI communication" in the PLC properties.
NOTE By default, only secure TLS-based PG/PC and HMI communication is allowed in TIA Portal
V17. This option can be deactivated if needed, for example when a partner that has not yet been
upgraded must still connect or when performance is affected by the higher security standard.
Keep in mind that a connection in Legacy Mode does not use TLS and therefore offers none of
the properties listed in chapter 2.2.1 (confidentiality, integrity, endpoint authentication);
re-enable the option as soon as all partners have been migrated.
3 Engineering
NOTE The engineering of the S7-1500 PLC and the HMI panel is completely implemented in the
project.
This section shows how to create a project with a S7-1500 PLC and an HMI panel.
NOTE Other models of SIMATIC controllers can be used as well. See chapter 7.1 for a complete
list of devices that support the secure PG/PC and HMI communication feature.
2. In the first window, the checkbox "Protects the PLC configuration data from the TIA Portal
project and the PLC" is activated by default according to the Security-By-Default concept.
Click the "Setup" button to configure a password to protect the confidential configuration
data of the PLC.
3. Enter the password and the password confirmation according to Table 3-1.
4. Click the "Ok" button.
6. In the second window, the PG/PC and HMI communication mode can be configured. The
option "Only allow secure PG/PC and HMI communication" is activated by default according
to the Security-By-Default concept. Click the "Next" button to go to the next page.
7. In the third window, the access level to the PLC can be configured. By default, no access to
the PLC is allowed according to the Security-By-Default concept. Later, you will configure
the PLC access password on the HMI panel to allow the communication between the two
devices. Keep the default "No access (complete protection)" option.
8. Enter the full access password in the password field according to Table 3-1 and confirm this
password.
9. Click the symbol shown in the screenshot.
10. Click the "Next" button to go to the last page of the security wizard.
11. In the last window of the security wizard, an overview of the previously configured security
settings can be found. Click the "Finish" button to end the security wizard.
1. In the PLC properties menu, navigate to "PROFINET interface [X1] > Ethernet addresses".
2. Set the IP address and the subnet mask of the PLC. The IP address of the PLC can be
found in Table 4-1.
1. In the PLC properties menu, navigate to "Protection & Security > Certificate manager".
2. Activate the checkbox "Use global security settings for certificate manager".
In TIA Portal, there are two methods for managing the PLC certificate:
– locally, device-specific, in the PLC properties menu
– globally, for the whole TIA Portal project, in the project tree under "Security settings
> Settings".
The "Use global security settings for certificate manager" option activates the use of the
global certificate manager to assign global certificates to the PLC.
© Siemens AG 2021 All rights reserved
3. When activating the global certificate manager, the current certificate configuration will be
lost. Therefore, a warning message about the loss of current keys and certificate in the local
certificate manager appears. Click the "OK" button.
4. The certificate used for the secure PG/PC and HMI communication needs to be created as
the certificate created locally for the PLC was deleted after performing the previous step.
Navigate to "Protection & Security > Connection mechanism" in the PLC properties menu.
5. Click the following button to open the certificate creation menu.
NOTE The following section explains the relevant steps to configure the HMI panel to securely
communicate with the S7-1500 CPU. All further steps for configuring the HMI panel are not
described here as they are irrelevant for the purpose of this application example. Further
information on the configuration of the HMI panel can be found at the following link \4\.
NOTE Other models of HMI panels can be used as well. See chapter 7.1 for a complete list of
devices that support the secure PG/PC and HMI communication feature.
The secure HMI communication works in a similar way as described in chapter 2.2.2. However,
there are two scenarios to be considered:
• When the PLC communication certificate is already available on the HMI panel with the
"trustworthy" status, a secure HMI communication is automatically set up between the PLC
and the HMI panel. This applies to the following cases:
– PLC and HMI panel are configured with the same TIA Portal project
– PLC and HMI panel are configured in two different projects, but a device proxy is used.
This is explained in chapter 3.3.1 and chapter 3.3.2 respectively.
• When the PLC communication certificate is not available in the "trustworthy" status on the
HMI panel, you will see a message in the alarm view of the HMI panel informing you that
the PLC is not trusted along with an error code. In this case, you must label the PLC
communication certificate on the HMI panel as "trustworthy". This is explained in
chapter 3.3.3.
To configure an HMI panel to communicate with the PLC, we distinguish between three different
scenarios:
1. The PLC and the HMI panel are in the same TIA Portal project.
2. The PLC and the HMI panel are in different TIA Portal projects.
3. The HMI panel is not configured with TIA Portal (connection with WinCC SCADA V7
systems).
The configuration for each of these cases are shown in this section.
3.3.1 PLC and HMI Panel are in the same TIA Portal Project
Figure 3-1: PLC and HMI panel in one TIA Portal project
1. Add a new HMI panel to the project, e. g. SIMATIC TP1200 Comfort Panel, V17.0.
2. In the HMI panel properties menu, navigate to "PROFINET Interface [X1] > Ethernet
addresses".
3. Set the IP address and the subnet mask of the HMI panel. The IP address must be in the
same subnet as the IP address of the PLC.
6. Drag and drop a connection from the HMI panel to the PLC to establish an HMI connection
between both devices.
7. Double-click "Connections" in the project tree in the device folder of the HMI panel.
8. Enter the password for the HMI access of the S7-1500 CPU, as specified in Table 3-1.
The secure connection between the PLC and the HMI panel has now been configured.
3.3.2 PLC and HMI Panel are in two different TIA Portal Projects
Figure 3-2: PLC and HMI panel in two TIA Portal projects, linked by a device proxy
If the PLC and the HMI panel are in two different projects, a device proxy must be exported from
the PLC project and imported in the HMI panel project. This proxy device contains the PLC
configuration as well as the certificate needed for the secure connection. It can also include the
program blocks, tags and other options of the PLC.
1. In the PLC project, in the project tree, navigate to "Device proxy data" and double-click on
"Add new device proxy data". A new device proxy is created.
2. Double-click on the newly created device proxy to open the configuration menu.
3. In the configuration menu, enter a name to the device proxy.
4. Check the "Program blocks" checkbox to export the PLC program blocks with the device
proxy. If other PLC parameters are needed in the device proxy, they can be chosen here as
well.
5. Click the "Export device proxy data" button to save the device proxy file on your PG.
6. In the HMI panel project, the device proxy file must be imported. Navigate to the "Hardware
catalog" and add a device proxy to the project.
10. The PLC information from the PLC TIA Project can be seen here. Click the "OK" button.
NOTE The PLC project certificates used to secure the connection are included in the device proxy
file and will be automatically available to the HMI panel when this file is imported into the
HMI project.
11. Repeat the steps 3 to 8 from chapter 3.3.1 to establish an HMI connection between the HMI
panel and the device proxy.
NOTE Depending on your project, other HMI configuration regarding access to the device proxy
tags might be needed. This configuration is beyond the scope of this application example.
3.3.3 HMI Panel is not configured in TIA Portal - Connection with WinCC SCADA V7
Systems
NOTE The following instructions are valid starting from WinCC SCADA V7.5 SP2 Update 4.
Connection to WinCC SCADA V7 works in a similar way to the device proxy method shown
above. A file must be exported from the PLC project and then imported in the WinCC SCADA
project. To export the file from the PLC project, a specific export tool is needed. See this link for
more information \5\.
See link \6\ for detailed explanation of how to securely connect with WinCC SCADA V7.5.
Observe the setup guidelines for the S7-1500 PLC and the SIMATIC TP1200 Comfort Panel. Read the
corresponding device manuals \7\ and \8\.
CAUTION
Only switch on the power supply after you have completed and checked the assembly!
The following figure shows the hardware setup of the application example.
Figure 4-1: S7-1500 PLC and TP1200 Comfort Panel connected via PROFINET IE
The following table provides an overview of all IP addresses used in this example. Assignment
of static IP addresses is assumed.
Table 4-1
Component IP address
CPU 1515-2 PN 192.168.20.120
SIMATIC TP1200 Comfort Panel 192.168.20.121
Prerequisite
• You have assigned the S7-1500 CPU the IP address that you have set in the project
(see Table 4-1).
• The Engineering PC and the S7-1500 PLC are in the same IP subnet.
Guideline
Proceed as follows to load the configuration to the S7-1500 PLC:
1. Start TIA Portal V17.
2. Open the project "PLC_HMI_Security.ap17".
3. Connect the Ethernet cable of the Engineering PC with the S7-1500 PLC.
4. Right-click the device folder of the S7-1500 PLC in the project tree. The context menu
opens.
5. Select the "Download to device > Hardware and software (only changes)" menu.
Figure 4-2
10. A warning message appears stating that the CPU certificate is not trustworthy. Consider the
CPU certificate to be trustworthy to continue loading.
NOTE This message appears during the first download to the PLC to notify the user that the PLC
self-signed certificate is not yet trusted by the PG. This is important, as the basis of the
secure PG/PC and HMI communication is the verification of the PLC certificate by the PG or
HMI panel: whatever you accept here is what the PG will trust from now on, so perform this
first download over a connection on which no other device can answer in place of the PLC
(for example a direct cable or an isolated engineering network). Refer to chapter 2.2.2 for
more information about this warning message.
11. Enter the confidential PLC configuration data password in the "Load preview" dialog. The
password can be found in Table 3-1.
12. Click the "Load" button.
NOTE Refer to chapter 2.3 for more information about the PLC confidential configuration data
password.
13. Select the "Start module" action in the "Load results” dialog.
14. Click the "Finish" button.
Prerequisite
• You have assigned the SIMATIC TP1200 Comfort Panel the IP address that you have set in
the project (see Table 4-1).
• The Engineering PC and the SIMATIC TP1200 Comfort Panel are in the same IP subnet.
Guideline
Proceed as follows to load the configuration to the SIMATIC TP1200 Comfort Panel:
1. Select the device folder of the SIMATIC TP1200 Comfort Panel in the project tree.
2. Click the "Download to device" button.
4.4 Operation
Introduction
This section will show you how to use the functions of the application example described above.
Procedure
1. In the start page of the HMI panel, click on "Start Application".
2. Click the "Navigation" button on the top right corner to open the navigation menu.
3. Click on "Messages".
4. In the table, you see that the connection between the PLC and the HMI panel has been
established successfully. This connection is secured, as only secure PG/PC and HMI
communication was allowed in the PLC configuration (see chapter 3.2).
6. In this page, the conveyor belt can be controlled by increasing its speed or decreasing it.
The "Actual Speed" will change to match the "Target Speed". The current state of the
conveyor belt and its direction are also displayed.
Figure 5-1
Figure 5-2
Therefore, the password assignment to protect the PLC confidential configuration data has an
impact on the replacement parts scenario.
NOTE If you have not assigned a password to the PLC in your project to protect confidential PLC
configuration data, you can insert the SIMATIC Memory Card of the PLC to be replaced into
a new PLC without any further action needed.
If you have assigned a password to protect confidential PLC configuration data in your
TIA Portal project, observe the following rules when replacing a PLC.
Figure 5-3: TIA Portal, one initial download (1x) to the PLC
5.2 The Replacement PLC has the same password for confidential
Configuration Data
If the replacement PLC has the same password as in the PLC to be replaced, the SIMATIC
Memory Card from the PLC to be replaced can be inserted directly to the replacement PLC
without further configuration.
Figure 5-4
Figure 5-5
TIA Portal (Online Access)
1
© Siemens AG 2021 All rights reserved
PLC (old)
10. Insert the SIMATIC Memory Card from the PLC to be replaced in the replacement PLC.
Figure 5-6 (Memory Card)
If TIA Portal is not available during the device replacement, this method can be used. It requires
an additional SIMATIC Memory Card used to configure the password for confidential PLC
configuration data on the replacement PLC.
Procedure
1. Configure a SIMATIC Memory Card with "SET PASSWORD" JOB file.
With this action, a folder and file structure following a special pattern is created. A password
to protect the PLC confidential configuration data is written as plain text to a special file on
the SIMATIC Memory Card. To see the description of the steps necessary to create the
“SET PASSWORD” JOB file, refer to these instructions.
2. Insert the prepared SIMATIC Memory Card into the replacement PLC and switch it on.
The PLC reads the password, processes it, and stores the result in the internal memory. A
possibly existing entry is overwritten.
3. Pull the SIMATIC Memory Card and restart the PLC.
The following figure shows the file structure on the SIMATIC Memory Card.
Figure 5-7
CAUTION Store the SIMATIC Memory Card in a safe place to which only authorized persons have
access.
NOTE The PLCs in TIA Portal V17 can work in two modes:
• Secure Mode
In secure mode, only secure TLS-based communication is allowed between the PLC
and the PG or HMI panel.
• Mixed Mode
In mixed mode, the PLC can communicate securely using TLS with PGs or HMI panels
that use TIA Portal V17, and also with PGs or HMI panels that use previous versions of
TIA Portal.
Figure 6-1
Remedy
If the above error occurs, that is, the password to protect confidential PLC configuration data
does not match the backup, you must delete the password and then set the correct password.
See chapter 7.2. After restarting the PLC, the backup is functional.
NOTE When performing a system backup on the HMI panel, the certificates are backed up
automatically as well. This means, if there is a functioning secure connection to the PLC
before the backup, the connection to that PLC will be established successfully after restoring
the backup.
7 Useful Information
7.1 A List of Components that Support Secure PG/PC and HMI Communication
Servers
• S7-1500 PLCs V2.9
• S7-1200 PLCs V4.5
• S7-PLCSIM Advanced
• Drive Controller V2.9
Clients
• STEP 7 V17 (TIA Portal V17)
• HMI Basic Panels 2nd Generation, V17
• HMI Mobile Panels 2nd Generation, V17
• HMI Comfort Panels, V17
• WinCC Runtime Advanced V17
• WinCC Runtime Professional V17
• WinCC Unified PC V17
If the CPU has not yet been loaded with a configuration, it is possible to change an entered
password or to revoke the activation of the password protection.
Precondition
• The PLC is not yet loaded with a configuration.
If you have not yet loaded any configuration into the PLC, the PLC is in the provisioning phase,
and you may load any valid configuration with your configured password. More on the
provisioning phase and its meaning can be found in chapter 2.2.2.
If the PLC has already been loaded with a configuration and the configuration is protected with
a password for confidential PLC configuration data, this password must be deleted. There are
the following methods to delete the password.
• Reset the PLC to factory settings
• Go online to the PLC to delete the password for protection of confidential PLC configuration
data directly and to define it again.
Precondition
• You have write access to the PLC.
• The PLC is in "STOP" mode.
Procedure
Depending on the task to be performed, carry out one of the following two procedures:
If you also want to change the project on the SIMATIC Memory Card, i.e. you want to re-load
the configuration, perform the following actions:
1. In the TIA Portal project, go online to the PLC.
2. In the online window, navigate to "Functions > Reset to factory settings".
3. Activate the "Delete password to protect confidential PLC configuration data" checkbox.
4. Select the "Format memory card" checkbox to avoid a repeated start-up of the PLC.
5. Click the "Reset PLC" button.
6. Load the project with the changed configuration and the desired password.
If you do not have to change the project on the SIMATIC Memory Card, i.e. only the wrong
password is set:
1. In the TIA Portal project, go online to the PLC.
2. In the online window, navigate to "Specify password to protect the PLC configuration data".
3. Click the "Delete" button. If the "Delete" button is not available, no password has been set in
the PLC yet.
If the correct password has been entered, the PLC can use the protected PLC configuration
data.
NOTE Restoring the factory settings of the PLC via the mode selector also deletes the IP address
of the PLC, but not the password for protecting confidential PLC configuration data.
Since you must enter the password when loading the PLC via TIA Portal for the first time, the
PLC configuration for this PLC can no longer be used without it. To change the password in the
PLC properties, you must also enter the previously valid password. If you have forgotten your
password, proceed as follows.
Precondition
• The PLC is not yet loaded.
Procedure
1. In the PLC properties menu in TIA Portal, navigate to "Protection & Security > Protection of
the PLC configuration data".
2. Click the "Reset" button.
NOTE The certificates of the CPU (e.g. certificates for the web server, for the OPC UA server, for PG/PC
and HMI communication) can no longer be used after the reset. It is necessary to recreate
and reassign the certificates of the CPU.
• If you use the global security settings for the certificate manager, you must reassign the
certificates from the certificate manager.
• If you do not use the global security settings for the certificate manager, you must
recreate and reassign the certificates.
The option for the protection of confidential PLC configuration data is still activated.
If the PLC has already been loaded with a configuration and the configuration is protected with
a password for confidential PLC configuration data, you can, for loading a new project, delete
the password for confidential PLC configuration data online and then specify a new password.
Precondition
Procedure
1. In TIA Portal, go online to the PLC.
2. In the online window, navigate to "Functions > Specify password to protect the PLC
configuration data".
3. Click the "Delete" button.
If the "Delete" button is not available, no password has been set in the PLC yet.
NOTE If the password is deleted and a loaded project requires a corresponding password, this
project may no longer work without entering the password.
It is also possible to reset the password using an additional SIMATIC Memory Card. This
method can be used for scenarios where TIA Portal is not available. To read more about how to
perform this procedure, refer to chapter 5.1.
NOTE To reset the password, the “PWD.TXT” file must be empty. That means, the file size must be
0 bytes.
Typical "Pitfalls"
You should pay attention to the following circumstances to avoid or correct errors:
Configuration loaded?
Regardless of whether you protect your confidential PLC configuration data with a password
or not, the following circumstance must be observed:
Without a loaded configuration, the PLC does not leave the provisioning phase (see chapter
2.2.2).
• You are trying to load a configured password into a CPU that has already received another
password, e.g.:
PLC is exchanged for another PLC from the stock. The replacement PLC was not
completely reset (reset to factory settings with option "Delete password for protection of
confidential PLC configuration data").
Remedy:
– For the configuration to be loaded, use the same password as the configuration that is
already loaded.
– It is also possible that the wrong project or PLC configuration was loaded. Check
whether the correct PLC configuration is available.
– Use the online function "Specify password to protect confidential PLC configuration
data" to delete the password or to set the same password as in the PLC configuration.
• The same error occurs if your PLC configuration does not use a password and the already
loaded configuration requires a user-defined password.
Remedy:
– Use the online function "Set password to protect confidential PLC configuration data" to
delete the password or to set the same password as in the PLC configuration.
Requirement
• Online connections to the CPUs must not be established.
• For PLCs that are to be reached online, the option "Only allow secure PG/PC and HMI
communication" must be disabled.
• The communication partners are in a protected environment, for example, during the
commissioning phase.
All online connections are set up as for TIA Portal versions < V17.
The setting remains active for the duration of the session. When you open a project, the option
"Use only legacy PG/PC communication" is not set.
Introduction
The TIA Portal V17 project contains:
• The user program for the S7 PLC with the "SimulatedDrive" function block.
• The configuration of the new security functions of the S7-1500 PLC.
• The configuration of the SIMATIC TP1200 Comfort Panel.
Diagram
The following graphic shows the program structure of the whole TIA Portal V17 project.
Figure 7-1 (program structure diagram: SimulatedDriveData (DB2), instance DB (DB4))
Program blocks
The user program for the S7-1500 PLC consists of the following elements:
Table 7-1
Element  Symbolic name       Description
OB1      Main                In OB1, the function block "SimulatedDrive" including the corresponding instance data block is called cyclically.
FB1      SimulatedDrive      The function block "SimulatedDrive" contains the functions implemented in this example.
DB2      SimulatedDriveData  Global data block storing the data.
DB4      InstSimulatedDrive  Instance data block of the "SimulatedDrive" function block.
Function
The "SimulatedDrive" function block checks the current speed of the conveyor belt
"actualSpeed" at regular intervals and compares it with a predefined value "setpointSpeed".
• If the actual speed is greater than the predefined value, the speed "actualSpeed" is reduced
to the value "setpointSpeed".
• If the actual speed is less than the predefined value, the speed "actualSpeed" is increased
to the value "setpointSpeed".
Parameter
The figure and table below show the call interface of the "SimulatedDrive" function block.
Figure 7-2
Table 7-2
Parameter            Data type  Description
INPUT
  EN                 BOOL       Enable input. Only in FBD and LAD.
  setpointSpeed      LREAL      Predefined value with which the speed of the conveyor belt is compared at regular intervals.
OUTPUT
  ENO                BOOL       Enable output. Only in FBD and LAD.
  isActive           BOOL       State of the conveyor belt.
  actualSpeed        LREAL      Indicates the current speed of the conveyor belt:
                                • If the actual speed is greater than the predefined value, the speed "actualSpeed" is reduced to the value "setpointSpeed".
                                • If the actual speed is less than the predefined value, the speed "actualSpeed" is increased to the value "setpointSpeed".
The "SimulatedDriveData" data block contains the data for communication between the
S7-1500 PLC and the HMI panel:
• isActive
• actualSpeed
• setpointSpeed
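A cyclic simulation of the program structure above (OB1 calling FB1 with instance DB4, global DB2 holding the HMI tags) together with the speed-matching rule of the "SimulatedDrive" function block, added here as an example and not code from the Siemens project. The per-cycle ramp step RAMP_STEP and the cycles_until_matched helper are assumptions, since the page only states that actualSpeed is moved to setpointSpeed.

```python
from dataclasses import dataclass

# Assumed maximum change of actualSpeed per OB1 cycle; the page gives no ramp
# rate, only that actualSpeed is reduced/increased to setpointSpeed.
RAMP_STEP = 5.0


@dataclass
class SimulatedDriveData:
    """Global data block DB2: the three tags exchanged with the HMI panel."""
    isActive: bool = False
    actualSpeed: float = 0.0
    setpointSpeed: float = 0.0


@dataclass
class InstSimulatedDrive:
    """Instance data block DB4: static state the FB keeps between calls."""
    statSpeed: float = 0.0


def simulated_drive(inst: InstSimulatedDrive, setpointSpeed: float):
    """One call of FB "SimulatedDrive": input setpointSpeed, outputs (isActive, actualSpeed)."""
    diff = setpointSpeed - inst.statSpeed
    if diff > RAMP_STEP:          # actual speed below the setpoint: increase
        inst.statSpeed += RAMP_STEP
    elif diff < -RAMP_STEP:       # actual speed above the setpoint: reduce
        inst.statSpeed -= RAMP_STEP
    else:                         # within one step: match the setpoint exactly
        inst.statSpeed = setpointSpeed
    is_active = inst.statSpeed != 0.0
    return is_active, inst.statSpeed


def ob1_cycle(db2: SimulatedDriveData, db4: InstSimulatedDrive) -> None:
    """OB1 "Main": call the FB with its instance DB and publish the outputs to DB2."""
    db2.isActive, db2.actualSpeed = simulated_drive(db4, db2.setpointSpeed)


def cycles_until_matched(db2: SimulatedDriveData, db4: InstSimulatedDrive,
                         max_cycles: int = 100) -> int:
    """Run OB1 cycles until actualSpeed equals the HMI "Target Speed"; -1 if never reached."""
    for n in range(1, max_cycles + 1):
        ob1_cycle(db2, db4)
        if db2.actualSpeed == db2.setpointSpeed:
            return n
    return -1
```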
Figure 7-3
NOTE The PLC tags used for communication between the S7-1500 PLC and the HMI panel must
be declared as accessible for HMI ("Accessible from HMI/OPC UA/Web API").
8 Appendix
8.1 Service and support
Industry Online Support
Do you have any questions or need assistance?
Siemens Industry Online Support offers round the clock access to our entire service and support
know-how and portfolio.
The Industry Online Support is the central address for information about our products, solutions
and services.
Product information, manuals, downloads, FAQs, application examples and videos – all
information is accessible with just a few mouse clicks:
support.industry.siemens.com
Technical Support
The Technical Support of Siemens Industry provides you fast and competent support regarding
all technical queries with numerous tailor-made offers
– ranging from basic support to individual support contracts.
Please send queries to Technical Support via Web form:
siemens.com/SupportRequest
Service offer
Our range of services includes the following:
• Plant data services
• Spare parts services
• Repair services
• On-site and maintenance services
• Retrofitting and modernization services
• Service programs and contracts
You can find detailed information on our range of services in the service catalog web page:
support.industry.siemens.com/cs/sc
The Siemens Industry Mall is the platform on which the entire Siemens Industry product portfolio
is accessible. From the selection of products to the order and the delivery tracking, the Industry
Mall enables the complete purchasing process – directly and independently of time and
location:
mall.industry.siemens.com