Web server
11.2 Configuring Web server users
S7-1200 Programmable controller
System Manual, 03/2014, A5E02486680-AG
605
STEP 7 provides a default user named "Everybody" with no password. By default, this user
has no additional privileges and can only view Web pages when logged in. You can,
however, grant additional privileges to the "Everybody" user as well as other users that you
configure:
● Query diagnostics
● Read tags
● Write tags
● Read tag status
● Write tag status
● Open user-defined pages
● Write in user-defined pages
● Read files
● Write/delete files
● Change operating mode
● Flash LEDs
● Perform firmware update
Without adding additional privileges, the "Everybody" user can view only the Start
(Page 614) and Introduction (Page 613) pages.
Granting privileges to the "Everybody" user makes it possible to log in to the Web server
with no password. Unauthorized access to the CPU or changing PLC variables to invalid
values could disrupt process operation and could result in death, severe personal injury
and/or property damage.
Because the "Everybody" user when granted sufficient privileges can perform operating
mode changes, writes to PLC data, and firmware updates with no password, Siemens
recommends that you observe the following security practices
• Enable access to the Web server only with the HTTPS protocol.
• Password-protect Web server user IDs with a strong password. Strong passwords are at
least ten characters in length, mix letters, numbers, and special characters, are not
words that can be found in a dictionary, and are not names or identifiers that can be
derived from personal information. Keep the password secret and change it frequently.
• Do not extend the default minimum privileges of the "Everybody" user.
• Perform error-checking and range-checking on your variables in your program logic
because Web page users can change PLC variables to invalid values.
• Use a secure Virtual Private Network (VPN) to connect to the S7-1200 PLC Web server
from a location outside your protected network.
To Next Page
Loading...
