Colin Carpenter

E71 Read Only?

9 posts in this topic

I've looked but I can't find it ......

We have a Q02 with an E71 ethernet card fitted and we will soon have a Q04 with a similar E71 fitted.

The Q02 is communicating with SCADA via ethernet and the Q04 is just about to be connected.

My question is : Can I set up the E71 so that SCADA can only READ from the PLC and not WRITE to it?

Many years ago I set up a Q2AS with an RS485 card fitted that allowed SCADA to communicate with it, and disabling the WRITE option was simply a switch on the front of the RS485 card, but I can't seem to find a way of doing it with the Ethernet option.

Many thanks,

Colin

Share this post


Link to post
Share on other sites

Hi Colin,

What Mitsubishi software are you using?

From memory- the early versions of the Mitsubishi Software (GX Developer/ IEC Developer) don't have read and write controls.

You may be able to configure read-only access on the SCADA system.

Share this post


Link to post
Share on other sites

The Q02 is programmed with IEC and the Q04 is programmed with GX Works2, but I can't really see a difference between the two programming methods as the E71 doesn't appear as an intelligent module in GX Works2 and the set up screens look remarkably similar between the two packages.

The issue came up the other day when we were discussing internet security and the only way for a malicious hacker to remotely get into the control system is through the SCADA PC, and it occurred to me that disabling the ability to write to the E71 would be the most secure way to prevent it.

I know it's a long shot, but a simple WRITE DISABLE switch would solve the problem as the SCADA system is used purely a data logger and real time display system, with no control cababilities, though that could be switched on by someone who knew what they were doing.

Share this post


Link to post
Share on other sites

Just disable the online change in the operation setting

E71 enable.JPG

Edited by Gambit

Share this post


Link to post
Share on other sites

Thanks for that Gambit.

If that box is unchecked, does that mean that all of the ports into the E71 will have the write function disabled?

The graphic shows Port 1 as the Melsec programming port and 4 HMIs .... if I wanted to connect the SCADA system into the same E71 on Port 6 and have the write function disabled, would it mean that all the other 5 ports would also have to be disabled?

Thanks

Enet.JPG

Share this post


Link to post
Share on other sites
10 minutes ago, Colin Carpenter said:

If that box is unchecked, does that mean that all of the ports into the E71 will have the write function disabled?

That is correct. 

Actually the programming port is always available and not necessary to be programmed. 
The Melsoft connection is for Mitsubishi equipment like a GOT.
Yes all ports would be write disabled.

Which SCADA are you using mine has the setting where you on variable level you can decide if writing is enabled.
So even if you would make something on a page to toggle a bit it would not work.

If this isn't possible just I would add an ethernet module to the system.

 

Share this post


Link to post
Share on other sites

We're using a UK based SCADA system called Prodigy by a company called Tascomp Ltd., which is excellent, very fast and superb technical support.

It has always been a monitoring only system logging data and presenting real time mimics and generating pdf reports etc.

The other day I set up some tags wronly in the SCADA system - and foudn that the valves controlled by the PLC were going on and off evrey 5 seconds as SCADA accessed the PLC outputs. Luckily it didn't cause a problem, and we found it very quickly, but it was a bit of a wake up call :)

I think you're right about the additional ethernet module to totally safeguard the system as the SCADA system is the only way anybody malicious can currenly access the PLCs via the internet, even though firewalls and passwords etc are fully in place to try and stop that.

Share this post


Link to post
Share on other sites

Website looks good and always good to know support is good which is most important to me.
 

 

Share this post


Link to post
Share on other sites

Yes, we've been using Prodigy since around 2003 and the system has grown to accomodate all the extra plant which has been added since that time.

We do pay for the support option each year because it is now so important to the company, and it's one of the few companies I know that when you ring up, you can actually talk to the people who write the code, meaning that you do get results very quickly.

Last year we attached some Modbus electrical meters to the system and found that although the values being read looked quite similar to those displayed on the meters, they were never quite right, and a detailed investigation showed that these particular meters used a "not normal Endian" method of encoding the values, and Prodigy then re-wrote their Modbus driver to allow us to select the correct Endian method, all as part of their support package.

Really, really good support .... which is rare these days :(

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now