Siemens SIMATIC NET CP 343-1 User Manual
9 Further Notes on Operation
B3L−50
CP 343-1 Lean for Industrial Ethernet / Manual Part B3L
Release 03/2007
C79000-G8976-C198-04
Access Permissions using Community Name
The CP uses the following community names for assigning permissions:
S For read access: “public”
S for read and write access: “private”
(note the use of lower−case letters!)
S for read and write access: “private”
(note the use of lower−case letters!)
9.4
Possible Security Gaps on Standard IT Interfaces /
Preventing Illegal Access
Preventing Illegal Access
With various SIMATIC NET components, such as OSMs/ESMs, a wide range of
parameter assignment and diagnostic functions (for example, Web servers,
network management) are available over open protocols and interfaces. The
possibility of unauthorized misuse of these open protocols and interfaces by third
parties, for example to manipulate data, cannot be entirely excluded.
parameter assignment and diagnostic functions (for example, Web servers,
network management) are available over open protocols and interfaces. The
possibility of unauthorized misuse of these open protocols and interfaces by third
parties, for example to manipulate data, cannot be entirely excluded.
When using the functions listed above and these open interfaces and protocols (for
example, SNMP, HTTP), you should take suitable security measures to prevent
unauthorized access to the components and the network particularly from within
the WAN/Internet.
example, SNMP, HTTP), you should take suitable security measures to prevent
unauthorized access to the components and the network particularly from within
the WAN/Internet.
Notice
We expressly point out that automation networks must be isolated from the rest of
the company network by suitable gateways (for example using tried and tested
firewall systems). We do not accept any liability whatsoever, whatever the legal
justification, for damage resulting from non−adherence to this notice.
We expressly point out that automation networks must be isolated from the rest of
the company network by suitable gateways (for example using tried and tested
firewall systems). We do not accept any liability whatsoever, whatever the legal
justification, for damage resulting from non−adherence to this notice.
If you have questions on the use of firewall systems and IT security, please contact
your local Siemens office or representative. You will find the address in the
SIMATIC catalog IK PI or on the Internet at
your local Siemens office or representative. You will find the address in the
SIMATIC catalog IK PI or on the Internet at
Partners.
9.5
Influence of MPI on Connections via Industrial Ethernet
If a station on MPI is added or removed, for example because a service PG has
been connected or disconnected, it is possible that active communication
connections on the communications bus are aborted. This has the following effects
on the communication connections on Industrial Ethernet:
been connected or disconnected, it is possible that active communication
connections on the communications bus are aborted. This has the following effects
on the communication connections on Industrial Ethernet:
S All S7 connections are temporarily aborted.
This does not apply when using CPUs with a separate K bus (for example, the
CPU 318−2, CPU 317−2 PN/DP, CPU 319−3 PN/DP).