EasyManua.ls Logo

CAT EMCP 4 - 7.5 REAL TIME CLOCK; 7.6 READING ASCII DATA

CAT EMCP 4
102 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Application and Installation Guide EMCP 4 SCADA Data Links
©2013 Caterpillar
All rights reserved. Page 43
This is correct. It should be at level 2, because no passwords exist. Now, enter a level 1 password of 1,
which is 0x31, and then set the SCADA password to 123, which is 0x31 32 33.
Request: 0x 01 10 02 C3 00 08 10 31 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 xx xx
0x 01 = slave address of EMCP 4
0x 10 = function code (Write Registers)
0x 02 C3 = Level 1 Password
0x 00 08 = register count (8)
0x 10 = byte count (16)
0x 31 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 = data (1, followed by 15 spaces)
Response: 0x 01 10 02 C3 00 08 xx xx
0x 02 C3 = Level 1 Password
0x 00 08 = register count (8)
Request (Step 3): 0x 01 10 02 D3 00 08 10 31 32 33 20 20 20 20 20 20 20 20 20 20 20 20 20 xx xx
0x 01 = slave address of EMCP 4
0x 10 = function code (Write Registers)
0x 02 D3 = SCADA Password
0x 00 08 = register count (8)
0x 10 = byte count (16)
0x 31 32 33 20 20 20 20 20 20 20 20 20 20 20 20 20 = data (123, followed by 13 spaces)
Response: 0x 01 10 02 C3 00 08 xx xx
0x 02 C3 = Level 1 Password
0x 00 08 = register count (8)
Now, wait for the duration of the Level 0 Timeout, which is 10 minutes, without doing any writes over
SCADA. Repeat Step 1 to verify that the current security level is now zero. The response should be as
follows:
Response: 0x 01 03 02 00 00 xx xx
The level is now zero. Now, disconnect from SCADA completely (i.e. no reads nor writes) for at least 30
seconds, and then reconnect. Repeating Step 1, the response should be as follows:
Response: 0x 01 03 02 FF FF xx xx
This is the correct response. No read or write can be done to any register since the SCADA access has
timed out, with a couple of exceptions such as the Write Access Password register. Knowing the
password to any level, it can be entered and therefore, be granted access to SCADA. Now, enter the
SCADA password that we set in Step 3:
Request: 0x 01 10 02 BB 00 08 10 31 32 33 20 20 20 20 20 20 20 20 20 20 20 20 20 xx xx
0x 01 = slave address of EMCP 4
0x 10 = function code (Write Registers)
0x 02 BB = Write Access Password
0x 00 08 = register count (8)
0x 10 = byte count (16)
0x 31 32 33 20 20 20 20 20 20 20 20 20 20 20 20 20 = data (123, followed by 13 spaces)