Possible Security Gaps On Standard It Interfaces: Preventing Unauthorized Access - Siemens SIMATIC S7-300 Equipment Manual

Configuration and operation

6.12 Possible security gaps on standard IT interfaces: preventing unauthorized access

MIB files for your SNMP tools
If you use an SNMP tool, you will find the MIB files relevant to the CP in the STEP 7 installation
in the following folder:
<Drive>\<Installation folder>\Siemens\Step7\S7DATA\snmp\mib
For the Automation System MIB, for example, these are the following files:
• automationPS.mib
• automationSmi.mib
• automationSystem.mib
• automationTC.mib
6.12 Possible security gaps on standard IT interfaces: preventing
unauthorized access
With various SIMATIC NET components, such as switches, a wide range of parameter
assignment and diagnostics functions (for example, Web servers, network management) are
available using open protocols and interfaces. The possibility of unauthorized misuse of these
open protocols and interfaces by third parties, for example to manipulate data, cannot be
entirely excluded.
When using the functions listed above and these open interfaces and protocols (for example,
SNMP, HTTP), you should take suitable security measures to prevent unauthorized access to
the components and the network particularly from within the WAN/Internet.
Note
We expressly point out that automation networks must be isolated from the rest of the
company network by suitable gateways (for example using tried and tested firewall systems).
We do not accept any liability whatsoever, whatever the legal justification, for damage
resulting from nonadherence to this notice.
If you have questions on the use of firewall systems and IT security, please contact your local
Siemens office or representative. You will find the address in the SIMATIC catalog IK PI or on
the Internet at the following address:
(http://www.automation.siemens.com/partner/guisearch.asp)
54
Equipment Manual, 01/2023, C79000−G8976−C198−09
CP 343-1 Lean