Siemens SIMATIC S7-1500 System Manual page 111

System overview
5.3 S7-1500 R/H-CPUs
You can find more information about the security mechanisms of the SIMATIC automation
systems in the Security with SIMATIC S7 controllers
(https://support.industry.siemens.com/cs/ww/en/view/77431846) document and in the
Communication (https://support.industry.siemens.com/cs/ww/en/view/59192925) Function
Manual.
Integrity protection of the SIMATIC Memory Card, CPU as of FW version V3.1
For CPUs as of FW version V3.1, the integrity protection of the SIMATIC Memory Card is
dependent on the password for protection of confidential configuration data that you
assigned when configuring the CPU. This results in the following changes when using
SIMATIC Memory Cards:
• Transferring a CPU to a card reader/USB memory using drag-and-drop:
For CPUs as of FW version V3.1, you must enter the password of the CPU with which you
want to use the SIMATIC Memory Card. If you enter an incorrect password, the CPU does
not start booting after power on and reports the content of the SIMATIC Memory Card as
faulty.
• Inserting a CPU from a card reader/USB memory:
To check the integrity of the contained configuration in STEP 7, you must enter the
password of the CPU from which the configuration was loaded. In this case, STEP 7 checks
the data on the SIMATIC Memory Card and reports potential damage.
Entry of the password is optional. If you do not want to use the integrity check, you do not
need to enter the password (restore project).
Advantages and customer benefits of protection functions
The protection functions listed above protect your investments from unauthorized access and
manipulation, helping to secure plant availability.
Secure communication
There is an increasing need to transfer data to external computers in encrypted form via
Intranet or public networks.
SIMATIC R/H-CPUs with firmware version V3.1 or higher support the Internet PKI (RFC 5280)
with STEP 7 as of V19. This makes the configuration and the operation of Secure
Communication possible, for example:
• Hypertext Transfer Protocol (HTTPS)
• Secure Open User Communication
• Secure communication with OPC UA server
A public key infrastructure (PKI) can issue, distribute and check digital certificates. For R/H-
CPUs, you create certificates for various applications in the CPU properties in STEP 7, for
example: TLS certificates for Secure Open User Communication
R/H-CPUs as of firmware version V2.9 with STEP 7 and WinCC as of version V17 support
innovative and standardized secure PG/PC and HMI communication - Secure PG/HMI
communication for short.
110
S7-1500R/H redundant system
System Manual, 01/2024, A5E41814787-AF