User-Defined Web - Siemens SIMATIC S7-1200 System Manual

Hide thumbs Also See for SIMATIC S7-1200:

Table of Contents

12.7 User-defined Web pages

User-defined Web pages

The S7-1200 Web server also provides the means for you to create your own application-

specific HTML pages that incorporate data from the PLC.

Unauthorized access to the CPU through user-defined Web pages

Unauthorized access to the CPU through user-defined Web pages could disrupt process

operation, which could result in death, severe personal injury and/or property damage.

Insecure coding of user-defined Web pages introduces security vulnerabilites such as

cross-site scripting (XSS), code injection, and others.

Protect your S7-1200 CPU from unauthorized access by installing it in a secure fashion as

outlined in the Operational Guidelines found on the Industrial Security Web site

(http://www.siemens.com/industrialsecurity).

You create user-defined Web pages using the HTML editor of your choice and download

them to the CPU where they are accessible from the standard Web page menu. This

process involves several tasks:

● Creating HTML pages with an HTML editor, such as Microsoft Frontpage (Page 1041)

● Including AWP commands in HTML comments in the HTML code (Page 1042):The AWP

commands are a fixed set of commands that Siemens provides for accessing CPU

information.

● Configuring STEP 7 to read and process the HTML pages (Page 1057)

● Generating blocks from the HTML pages (Page 1057)

● Programming STEP 7 to control the use of the HTML pages (Page 1059)

● Compiling and downloading the blocks to the CPU (Page 1060)

● Accessing the user-defined Web pages from your PC (Page 1061)

This process is illustrated below:

HTML files with embedded AWP commands

S7-1200 Programmable controller

System Manual, V4.2, 09/2016, A5E02486680-AK