What does Rslogix Password really protect?

gbradley

Lifetime Supporting Member
gbradley
Join Date
Apr 2002
Location
Corona, Ca.
Posts
1,637
I was reading Phil's Newsletter, and he said "If you can do fine without remote capability do not install a connection to the outside world."

This week I found out a good reason for the above statement, and something that I did not realize before.
I was falsely under the impression that if somebody wanted to log in to your PLC and change the programming, that the password would protect the PLC.
Password protecting a program in RSLogix only protects it from being opened and modified with RSLogix.

Well, RSLogix is not the only way that somebody can mess with your code.

I was playing with Archie's AdvancedHMI this week. Wow! This is very cool. Thank-you very much.
I'm no expert, but even I was able to generate an interface.
I was able to log onto my Micrologix1400 over the network, and monitor values, and change bits.
Definitely a game changer.
I haven't even begun to dream up all of the possibilities.

After having created this interface I realized that it doesn't matter if a ladder logic file is protected with a password or not, you can examine or change the bits.

So I guess my epiphany is that no matter what, if your machinery is connected to the net, you better have a secure and thoroughly tested firewall.
 
I'm surprised by this, any HMI can be configured to interact with a PLC, it's kinda the way it works. HMIs can read/write data to PLCs and change status bits in the code as required for the process. Its a fundamental isn't it?

Technically, your logic will not change and cannot be changed by an HMI platform, you do in fact need RSLogix to change any code. Certainly changing data within a PLC does not equal to logic changes in the code.

You were able to log onto your Micrologix because you already had the knowledge of how to get there. If you aren't connected to the outside world, you are better off. If you are connected, it still may not be obvious of how to get to your micrologix, and if you are connected to the outside world you should be behind a proper VPN/Firewall anyway.

Certainly data manipulation within a PLC is not to be confused with Logic manipulation. Granted you could cause damage if you put the incorrect data in, however it's the nature of the beast.

Locking the PLC down, using passwords or switching the key switch to "run" mode will prevent logic from being changed, so you did have the correct understanding of the concept, just a misunderstanding in how data manipulation applies. Very two different topics.
 
This is very true. Although you cannot change logic, you can definitely modify values in data files.

The real beauty of AdvancedHMI is in the driver. With a little VB knowledge, the possibilities are endless. A while back my company was about to fly someone into a customers site to make a few parameter adjustments in their PLC program. In about 15 minutes I downloaded AdvancedHMI, created a .exe that would allow the customer to adjust these values from his laptop with zero software required.

Saved him some downtime waiting for a service tech and saved us some money sending him there.

I also did a small project that ran on a PanelView + 6.0 that would save some PLC parameters periodically to the PanelView flash card. That way if the customers PLC took a ****, or someone downloaded an old PLC program, at least they had a way to restore parameters once they put a new PLC in.
 
this is a little off the (PLC) topic here - but let me say this:

if a computer/PLC - ANY COMPUTER/PLC - is connected to the Internet, that computer/PLC can NOT be made "secure" ...

now you can make things complicated for a "hacker" etc. to gain access to your computer/PLC - so complicated that hopefully they'll go somewhere else to mess around - but "secure" ??? ...

nope ...

connecting a computer/PLC to the Internet is like installing a glass window in a bank vault ... it doesn't matter how well the vault door - and the walls - and the locks - are designed ... there's ALWAYS a way to get inside ...
 
Connecting a computer/PLC to the Internet is like installing a glass window in a bank vault ... it doesn't matter how well the vault door - and the walls - and the locks - are designed ... there's ALWAYS a way to get inside ...
Click to expand...
There are several regular members here that are going to have their plants shut down or damaged by this little trap. Convenience for the programmer does not always lead to plant security.
 
To the OP:
I see you posted that you were able to connect but not much info on how to do it. Did you just use Archie's program or did you have to write additional code? I'm just curious.

Edit:

To the OP:
I see your response in post #8. Thanks.
 
Last edited:
jrwb4gbm said:
To the OP:
I see you posted that you were able to connect but not much info on how to do it. Did you just use Archie's program or did you have to write additional code? I'm just curious.
Click to expand...
I just followed Archie's instructions from the YouTube video.
Well, first I tried to use visual studio Express 2012, but I couldn't get that to work.
Then I downloaded visual basic 2010 Express , and I got that to work with the files that I downloaded from Sourceforge.
I used the Micrologix ethernet/ip driver, and it works great.
 
gbradley said:
...
Well, first I tried to use visual studio Express 2012, but I couldn't get that to work...
Click to expand...
I went back and tried to open the project again using:
"Microsoft Visual Studio Express 2012 for Windows Desktop"
It works fine.
It must have been operator error (PBKAC) when I couldn't get it to work the first time.
Thanks
 
the way it should be, is that you physically disconnect the internet from the control network. whenever it is needed, have the client/operator pyhsically hook it up again, but also with a good firewall. thats the best way to limit access. however some places rely on the internet in their control system and they cannot do that. but where possible i believe this is the best practice.
 

Similar Topics

A
Tank level rslogix 5000 program. I’ve got errors on rung 2,3,4. Do u see the problems? Also does my geq n les look right?
Replies
4
Views
172
drbitboy
drbitboy
D
Rslogix does not see the modules
Hello, working with a test project, encountered such a problem that rslogix5000 does not see the modules, in rslinx I see them, the driver with...
Replies
2
Views
846
desa
D
G
RSLogix Task Monitor - What does "Comms" comprised of?
Hello, I have trouble understanding the "Comms" part in the CPU usage pie chart showing in RSLogix Task Monitor Per the RSLogix Task Monitor...
Replies
0
Views
892
Glu3
G
C
RSLogix does not like online edits
Hey y'all I keep getting this weird message when I attempt to do online edits in my program. Very annoying...anyone have some advice on how to...
Replies
7
Views
1,495
CQ21
C
E
[Rslogix 5000]Does factory resetting 1756-L62S will remove safety lock?
Hi all, I have an issue with 1756-L62S (revision 20.13) safety lock. We can't figure out who put safety lock on our project. Before I try...
Replies
0
Views
1,024
ekdpf0114
E
Back
Top Bottom