Operating system of Siemens PLC S7 series (300-400)

[Iman]

Hey guys,
I've searched a lot to find the S7 PLC operating system but I couldn't find anything. Can anybody help me on this? and any helpful documents about operating systems of the other PLCs?and in general what is the characteristic of the operating system of PLCs?
Thanks

 

[metwally.mustafa]

Hey guys,
I've searched a lot to find the S7 PLC operating system but I couldn't find anything. Can anybody help me on this? and any helpful documents about operating systems of the other PLCs?and in general what is the characteristic of the operating system of PLCs?
Thanks

please what do you mean by operating system ?

s7 PLC have several versions of software package

like SIMATIC manager , SIMATIC basic . SIMATIC net .these versions are used to programing the CPU for process automation tasks

each CPU has a firmware version . this is obviously noticed by the CPU product number and CPU type EX ( S7-318 2DP)
the firmware version is fully controlled by the manufacturer of the controller
user only uses the controller in industrial applications with software programs only like ( SIMATIC ).

 

[jvdcande]

Hey guys,
I've searched a lot to find the S7 PLC operating system but I couldn't find anything. Can anybody help me on this? and any helpful documents about operating systems of the other PLCs?and in general what is the characteristic of the operating system of PLCs?
Thanks

I think you mean the firmware in the S7 PLCs. If that's the case then the answer is, as it is for all PLC brands, that it is a propriarty system. In other words, you haven't found anything on it and you probably never will. I wonder what would be the use of knowing about it.

Regards,

 

[Iman]

Thank u guys,
I think it is firmware that you said. I've seen in some websites the operating system (or firmware) of the Allen-Bradly PLC5 is Microware OS-9 or for the Allen-Bradly Controllogix is VxWorks. They use the Operating System term not firmware.However, I've searched to find the os or firmware of S7 300 or 400 , but I haven't found anything so far. By the way, this is an assignment for university to find out the pros and cons of different OS in different brand of PLC. Further help would be appreciated.

 

[CapinWinky]

A little late to help with your assignment, but VxWorks is the major player in PLC OS. I was fairly sure ControlLogix and CompactLogix used it and I know that everything from B&R uses it. Beckhoff uses Windows CE and various versions of Windows Embedded with the real time option. I can't help you with any others, as I don't know, but I highly doubt anyone is making their own OS in house anymore.

As far as the benefits of VxWorks and similar OSes over Windows, the main thing is knowing with 100% certainty that a task will execute every X microseconds and exactly what order each program will run. In windows, a thread could be put on hold for an extremely long time, completely randomly. It would be devastating when trying to run a high speed machine process.

 

[CapinWinky]

I highly doubt anyone is making their own OS in house anymore.

Actually, I did some digging and Siemens did make their own RTOS for Step 7, but it has been a nightmare for them (stuxnet, basisk, etc). Judging by some power point presentations dated 2012, they are still actively developing their in-house RTOS and focusing on separating HMI processing from the core OS to try and make better use of the CPU.

They did use RTX in a few product lines, so different business groups within Siemens are doing different things. If they have another big snafu with their PLCs, I could see them dropping their in-house development and moving to RTX or VxWorks.

 

[JesperMP]

Actually, I did some digging and Siemens did make their own RTOS for Step 7, but it has been a nightmare for them (stuxnet, basisk, etc).

Stuxnet attacked the PLCs by inserting malicious PLC via a 'man-in-the-middle' virus. The virus was/is never in the PLC.

Judging by some power point presentations dated 2012, they are still actively developing their in-house RTOS and focusing on separating HMI processing from the core OS to try and make better use of the CPU.

In the 'classic' PLCs there have never been any 'HMI processing'.The classic PLCs have always just been PLCs. Everything else has been in outside applications.
They did and still do have combined PLC/HMI solutions. But these are based on Windows. See below.
Siemens PLCs still their own proprietary OS.

They did use RTX in a few product lines, so different business groups within Siemens are doing different things.

They still use RTX extentions to Windows for their PC-based PLCs.
They used to have a software PLC for Windows CE, used on some HMI panels, but they have dropped that. Maybe that is what you mean by "separating HMI processing from the core OS".
I am sure that PC-based PLCs ("WinAC") will remain a core product for Siemens.

The realtime extentions used to be from Ardence (now Intervalzero). Either Siemens are still using, or they are now making their own.

With WinAC, you can have HMI application running alongside on the same PC, but that is no different than any other PC application. The HMIs do not have any "realtime" properties per se.

 

[CapinWinky]

You may be right about Siemens not looking to handle HMI data on the PLC, the presentation (towards the end) does talk about PCI and x86, implying PC.

Stuxnet used many vulnerabilities in the S7, the drive firmware (forgot the brand, started with a V, I think), and Windows/SCADA/DCOM to pull off what it did. The S7's susceptibility to replay attacks did play a big role, but the most embarrassing thing for Siemens was the more recent discovery of the backdoor password, Basisk, in a particular FW version.

 

[JesperMP]

The platform described in the presentation does not look like anything from Siemens that I can recognize. Not Windows-based, nor classical S7 CPUs.

I wonder if it is a theoretical new design, maybe based on the new TIA platform.
But I am curious how they would fit the HMI part into the TIA platform they have now which is either based on Windows, Windows CE or Linux.

Also, the advantage described (faster HMI updates) is IMHO irrelevant, since current HMIs are plenty fast enough. Especially with current WinAC RTX and WinCC on the same Windows PC, the HMI update time is a non-issue.

edit: The pesentation shows how the "GPOS" HMI updates every 1.5 ms.
Could be neat for visually fluid animations, but apart from that entirely unnecessary and a waste of effort. There are other HMI things that are more important than to get near microsecond update times.

 

[mk42]

CapinWinky,

If you have any sources about Stuxnet attacking S7 PLC vulnerabilities, I'd be really curious to read them.

Everything I've seen suggests that the virus was on the Engineer's computer, and modified the S7 download driver such that in certain cases it downloaded some extra code. It also hid that code when the engineer went online with the PLC. The PLC executed exactly the code that was downloaded to it, I don't even think a replay attack was involved.

I also haven't heard of any drive firmware issues associated with Stuxnet. The virus was created to physically destroy the centrifuges via the VFD, but I think that was related to harmonic frequencies, or some other physical phenomemon caused by the hidden changed setpoints, not the drive software.

There were numerous windows vulnerabilies exploited to get the virus onto the engineering station, as well as the hardcoded SCADA passwords. I'm not saying the S7 plc's have had zero security flaws, but I've never heard of any of the stuxnet virus actually used. To me, what the PLC's lacked was diagnostics capable of telling the engineering team that the code in the PLC didn't match what it used to, perhaps via signatures or some other means.

Jesper,

I also don't recognize the architecture in the slides. I saw numerous mentions of Motion control and Axis, so perhaps it is referring to Simotion?

Also, I think Siemens does have their own realtime operating system, RMOS, so I've always wondered why they used the Ardence/IntervalZero RTX for their softPLC.

 

[Iman]

A little late to help with your assignment,

That's ok, I really thank you for your good information and for another time making this post active which I've got interesting information.

 

[Iman]

I know that everything from B&R uses it.

As I know B&R have some products which are based on Windows CE like Power Panel series.

 

[Iman]

The realtime extentions used to be from Ardence (now Intervalzero). Either Siemens are still using, or they are now making their own.

With WinAC, you can have HMI application running alongside on the same PC, but that is no different than any other PC application. The HMIs do not have any "realtime" properties per se.

Does SIEMENS use IntervalZero only for its PC based system (WinAC)?
IntervalZero claims that its extension makes Windows like a RTOS? Is it different with HMI that you said it is not real time.