SIMATIC

STEP 7 Professional 2021

Engineering Software for SIMATIC S7 / C7
Security Information
Siemens provides products and solutions with industrial security functions that support the
secure operation of plants, systems, machines and networks.
In order to protect plants, systems, machines and networks against cyber threats, it is
necessary to implement - and continuously maintain - a holistic, state-of-the-art industrial
security concept. Siemens’ products and solutions constitute one element of such a concept.
Customers are responsible for preventing unauthorized access to their plants, systems,
machines and networks. Such systems, machines and components should only be connected
to an enterprise network or the internet if and to the extent such a connection is necessary and
only when appropriate security measures (e.g. firewalls and/or network segmentation) are in
place.
For additional information on industrial security measures that may be implemented, please
visit

https://www.siemens.com/industrialsecurity.

Siemens’ products and solutions undergo continuous development to make them more
secure. Siemens strongly recommends that product updates are applied as soon as they are
available and that the latest product versions are used. Use of product versions that are no
longer supported, and failure to apply the latest updates may increase customer’s exposure to
cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial Security RSS
Feed under

https://www.siemens.com/industrialsecurity.

Notes on Installation and Usage

These notes should be considered more up-to-date than the information in other documents.
Read the notes carefully, because they contain information on installing and using STEP 7
Professional.
Also read the Special Notes of the STEP 7 Professional parts of products.
Note when printing the file that the left and right margins are set to a width of 25
millimeters for A4 portrait size.
Contents
Notes on Installation
1 Contents of the Consignment
2 Hardware Requirements
3 Software Requirements
3.1 Operating Environment
3.2 Memory Requirements
4 Installation
4.1 Installation of STEP 7 Professional
4.1.1 Firewall
4.2 License Key of STEP 7 Professional
4.3 Uninstalling STEP 7 Professional
5 Additional Notes
5.1 Special Characteristics of the Operating Systems
6 Terms of License and Disclaimer of Liability for Open Source Software
Notes on Installation
The installation notes contain important information that you will require in order to install
STEP 7 Professional. Read these notes before installing the software.

1 Contents of the Consignment

Contents of DVD STEP 7 Professional

• Folder "InstData":
- STEP 7 V5.7
- Automation License Manager V6.0 SP9 incl. Upd2
- S7-GRAPH V5.7
- S7-SCL V5.7
- S7-PLCSIM V5.4 SP8 incl. Upd1
- S7 Web2PLC V1.0 SP3
Application for creation and setup of user-defined Web pages for the Web server of
the CPU.
- S7 Block Privacy V1.0 SP5
Application for encoding of blocks.
Notes:
A block protected with Block Privacy can only be loaded to the following CPUs:
- S7-300 and ET 200 CPUs as of firmware V3.2
- S7-400 CPUs as of firmware V 6.0
- A block protected with "Block Privacy" will not be considered in the reference data
lists! Keep this in mind when creating protected blocks. All global variables used in
creating protected blocks cannot be entered in the reference data list. This means you
should not use global variables in the protected blocks.

• Folder "_Manuals":
- file "STEP 7 - What's New.rtf"
- file "S7-GRAPH - What's New.rtf"
- file "S7-SCL - What's New.rtf"
- Electronic manuals for STEP 7
- Electronic manuals for S7-GRAPH
- Electronic manuals for S7-SCL
- Electronic manuals for S7-PLCSIM
- Command Interface description
- Description of the Central Installation Procedure
The manuals are available in an installable form in the folder "_Manuals" and are optionally
available on your computer after STEP 7 Professional has been installed. If you do not install
the manuals, you can also view at any time on the data carrier.

Important note
The manuals are no longer updated. Please refer to the corresponding online help
for up-to-date information.

• Folder "Optional Components" (Has to be explicitly installed by the user if necessary).

- Folder "Communication Blocks"
Documentation of blocks FETCH/WRITE-FBs 210 and 220.
- Folder "CP PtP-Param"
Configuration of the communications processors CP 340, CP 341, CP 440, CP 441-1, CP
441-2
- Folder "FM Configuration Package"
Configuration of the function modules FM 350-1, FM 350-2, FM 351, FM 352, FM 352-5,
FM 355, FM 355-2, FM 450-1, FM 451, FM 452, FM 455
- Folder "OC Wizard"
With this tool, link modules for open TCP/IP communication can be created.
The wizard can be installed from this folder by means of “Setup“. An existing installation
must be removed beforehand.
In this folder, please read the provided documentation with application examples (PDF
file) as well as the conditions of warranty, liability and support.
- Folder "PROFIenergy"
Projects (ET200S) and descriptions
- Folder "S7-PCT" (S7 Port Configuration Tool)
- Folder "SCT Security Configuration Tool"
Configuration of the Security functions of SIMATIC NET products.
• Folder "Open Source Software"
Source code of the OSS software
2 Hardware Requirements
In order to work with the STEP 7 Professional, you need a suitable programming device or a
suitable PC. There are no special hardware requirements. Therefore, the minimum
requirements specific to the operating system apply. You can find these requirements on the
appropriate Microsoft websites.
When using a PC instead of a PG, you also need to have an external prommer for SIMATIC
Memory Cards / MMC if you want to save your S7 user program to EPROMs. A
communications card (CP) or SIMATIC NET connection is necessary for PC online functions
to the automations system (PLC).
As of STEP 7 V5.5 you can use the USB prommer without installating additional software. The
necessary functionality has been integrated as of STEP 7 V5.5.
3 Software Requirements

3.1 Operating Environment

Operating System
STEP 7 Professional 2021 can be used with the following operating systems:
• MS Windows 10 Pro and Enterprise (64-bit)
• MS Windows Server 2016 (64-bit) (Standard Edition as work station computer)
• MS Windows Server 2019 (64-bit) (Standard Edition as work station computer)
STEP 7 Professional has not been tested on any other operating systems; use at your own
risk.
Note that STEP 7 Professional is only released with the MUI versions of the approved
Windows operating systems.

Compatibility tool
With the compatibility tool, you can put together a compatible selection of software products or
check existing configurations for compatibility. You can find the compatibility tool at:
https://support.industry.siemens.com/cs/ww/en/view/64847781

Important additional information:

• STEP 7 Professional 2021 checks during the installation of HSPs and other functions, that
the files have a valid certificate. This check requires a corresponding root certificate, which
has to be available on the computer in a current version. If the root certificate is
unavailable or expired, errors can occur during the installation of HSPs or the performance
in connection with GSDML files can suffer. This behavior is described in FAQ 87057037.
https://support.automation.siemens.com/WW/view/de/87057037
• Special consideration when installing the software: Observe the notes in the paragraph
"Special Characteraistics of the Operating Systems" regarding the user group "Siemens
TIA Engineer".
• Special consideration when installing the software on MS Windows Server 2016 or 2019:
If you cannot download the HSPs, make sure that you have enabled the option "Warn if
changing between secure and not secure mode" in the "Advanced" tab of Internet
Explorer. You will receive two security messages in this case that you must confirm with
"OK" or "Yes". Now you will be able to download the HSPs.
• To open hlp files outside of the software, right-click the *.hlp file and select the menu
command Open with > Select as default…. In the dialog box that opens, click on the
"Browse…" button and select the following path: <Drive>:\Program Files (x86)\Common
Files\Siemens\S7WINHLP\S7WinHlp.exe and click "Open". Make sure that the check box
"Always use this app to open this file type" is selected and confirm your settings with "OK";
you can now open all hlp files with a double-click in the future.
Supported virtualization platforms
You can install the SIMATIC STEP 7 Professional software package in a virtual machine. To
do so, use one of the following virtualization platforms:
• VMware Workstation Pro 16.1
• VMware Workstation Player 16.1
• VMware vSphere Hypervisor ESX(i) 7.0
• Microsoft Windows Server 2019 Hyper-V
You can use the following guest operating systems within the selected virtualization platform to
install SIMATIC STEP 7 Professional 2021:
• Windows 10 Pro (64-bit).
There can be restrictions on the STEP 7 online functions.

Note
• The same hardware requirements as for SIMATIC STEP 7 Professional 2021 itself
apply to the guest operating systems.
• The plant operator must ensure that the guest operating systems have sufficient
system resources. .
• We recommend the use of hardware certified by the manufacturers when using
HyperV-Server and ESX(i).
• When you use Microsoft Hyper-V, accessible stations cannot be displayed.
• With respect to the use of communications processors (e.g. CP5711…), please
observe the relevant information in the module documentation and on the
SIMATIC Support pages (https://support.automation.siemens.com).

Internet Explorer
All operating systems must be using MS Internet Explorer 6.0 (or higher).

Display of PDF files

To read the supplied PDF files, you need a PDF reader that is compatible with PDF 1.7
(ISO32000-1:2008 PDF).
Security settings
In project directories, all users who have write access are to receive write permission in case of
non-exclusive use by one user only. These rights have to be set up by an administrator.
Note: The standard rights available in the operating system depend on the operating system in
use. Tools used for the creation of partitions will implement their own security guidelines.

Hibernation mode
Shifting to hibernation mode is generally permitted in STEP 7 Professional. However,
hibernation must not be triggered if online connections are open or projects are being
accessed by STEP 7 applications via a network.
In such cases, online connections could be terminated unintentionally and open projects on
networks may experience data loss.
For these reasons, the energy options for the operating system in the Windows Control Panel
should be set so that hibernation is not automatically triggered (by timer). Hibernation should
not be triggered manually by the user in the cases mentioned above.
3.2 Memory Requirements
STEP 7 Professional requires, depending on the installation, approx. 2 GB of memory on your
hard disk. The exact value depends on your operating system and on the file system used on
your programming device/personal computer.
MS Windows also requires additional free space on the hard disk (typically C:) for its swap file,
depending on the memory configuration.
You should keep at least double the amount of main memory free on your hard disk (example:
with a main memory of 1024 MB you will need 2048 MB hard disk space for the page file
following the installation of STEP 7 Professional).
Depending on the size of the project, it may be necessary to have a larger swap file, for
example, when copying an entire project (twice the size of the project on the hard drive in
addition). If the free memory area for the swap file is too small, errors may occur (the program
could possibly crash). Additional Windows applications which run parallel to STEP 7
Professional (such as Microsoft Word) also require additional hard disk space for the swap file.
In order to ensure that the required memory for the swap file is really available, the minimum
size for the swap file should be set to the above value. This can be set in Windows in the
taskbar in Start > Control Panel (in System > Advanced system settings > Advanced >
Performance > Settings > Advanced).
You must make certain that you have enough free memory on the drive where the project data
are located. If there is not enough memory on the drive, the project data may be destroyed
during an operation (for example, when compiling an STL source file into blocks). We also
recommend that you do not store the project data on the same drive as the Windows swap file.
4 Installation

4.1 Installation of STEP 7 Professional

Insert the STEP 7 Professional DVD in the drive. STEP 7 Professional is installed via a
user-led Setup, which you start with the MS Windows Explorer by double-clicking the
SETUP.EXE program of the STEP 7 Professional DVD.
Before you can upgrade an older STEP 7 Professional Edition to STEP 7 Professional 2021,
you eventually have to transfer your old authorization/license key to the corresponding
authorization/license key medium using AuthorsW/Automation License Manager and change
to the currently approved operating systems.
You can upgrade an existing installation of STEP 7 V5.3, V5.4, V5.5, and V5.6 to STEP 7
Professional 2021. Observe the notes in the paragraph "Operating Environment" regarding the
approved operating systems. You do not have to uninstall these STEP 7 versions and optional
packages. However, you must uninstall older versions and their optional packages
beforehand.

In General the Following Applies:

In order to obtain the optimum display of the information during the Setup, you should set the
color scheme in the control panel of your programming device/personal computer to at least
65536 colors.
Before starting the Setup program, close all applications (such as Microsoft Word, etc.) and
the "Control Panel" window, since you will need to restart Windows following the installation of
STEP 7 Professional so that all system variables can be entered completely.
Insert the STEP 7 Professional DVD in the drive. In order to start installing STEP 7
Professional, double-click the SETUP.EXE program on the STEP 7 Professional DVD from the
Windows Explorer. The Setup program will guide you through the installation.
In the component selection box, select STEP 7, Automation License Manager, and any other
components (S7-SCL, S7-GRAPH, S7-PLCSIM, ...) that you wish to install.
These components will then be installed and entries will be made in Microsoft Windows files.
The following notes are intended to help you make the correct user entries required during the
Setup program:
• The drive on which you install your STEP 7 Professional system can be selected freely. On
some PCs/programming devices, you will not be able to select the drive via the selection
list. In this case, simply enter the drive with its path in the appropriate input box (for
example, "e:\Step7"). Note that all STEP 7 optional packages must also be installed on
this drive, so there must be sufficient space available. Avoid installing STEP 7
Professional on a SUBST drive.
• Before you use STEP 7 Professional, Windows must be restarted. Only then do all of the
Microsoft Windows entries become active. If you do not restart Windows, STEP 7
Professional cannot run properly and data may be lost. If the installation procedure is
aborted, you will also need to restart Windows.
• Refer to the tables in the S7KOMP_B.PDF file (the directory "Step7" following installation)
 for information on which versions of the optional packages can run with STEP 7
Professional under Windows. Contact your Siemens representative for more up-to-date
information or go to our website at: https://support.automation.siemens.com

Note
STEP 7 Professional registers itself in Microsoft Windows system files. You cannot
delete, move or rename STEP 7 Professional files and folders using Microsoft
Windows utilities such as the Explorer or modify STEP 7 Professional data in the
Microsoft Windows registry. The program may no longer run properly after such
modifications.

4.1.1 Firewall
Network settings
The table below shows the STEP 7 network settings you need to analyze network security and
configure external firewalls:

Name Port Transport Direction Function Description

number protocoll
ALM 4410* TCP In-/Outbound License This service provides the complete
service functionality for software licenses and
is used by the Automation License
Manager as well as all license-related
software products.
RFC 102 TCP Outbound S7 Communication with the S7 controller
1006 communi via Ethernet / PROFINET for
cation programming and diagnostic
purposes.
PNIO 34964 UDP Outbound CLRPC PNIO_EPM_PORT, used for
Endpoint Mapper lookup operations.
* Standard port which can be changed with the user configuration
Entries in the Windows firewall
The tables below show the entries made by STEP 7 setup in the Windows Firewall during a
new installation or an upgrade. The entries are displayed during STEP 7 setup and must be
accepted to install STEP 7.
You may have to make these entries yourself if you are using a firewall other than the
Windows Firewall or an additonal firewall.
Additional firewall entries may be necessary when you use STEP 7 optional packages.
When determining/changing the “area” for which this firewall entry is active, take into
consideration the network infrastructure in addition to the basic requirements for network
security.

New installation

Name Application Area

Automation License C:\Program Files\Common Subnet

Manager Service Files\Siemens\sws\almsrv\almsrvx.exe

Adaptive Server C:\Program Files\Common Subnet

Anywhere Database Files\Siemens\SQLANY\Dbeng9.exe
Engine

Adaptive Server C:\Program Files\Common Subnet

Anywhere Network Files\Siemens\SQLANY\Dbsrv9.exe
Server

SIEMENS STEP7 Block C:\WINNT\system32\S7otbxsx.exe Subnet

Administration

SIEMENS STEP7 C:\<INSTALLDIR>SIEMENS\STEP7\S7INF\S7usiapx.exe Subnet

S7InfoBox

SIEMENS STEP7 C:\<INSTALLDIR>SIEMENS\STEP7\S7BIN\S7tgtopx.exe Subnet

SIMATIC Manager

Upgrade

Name Application Area

Automation License C:\Program Files\Common Subnet
Manager Service Files\Siemens\sws\almsrv\almsrvx.exe
Adaptive Server C:\Program Files\Common All computers
Anywhere Database Files\Siemens\SQLANY\Dbeng9.exe
Engine
Adaptive Server C:\Program Files\Common All computers
Anywhere Network Files\Siemens\SQLANY\Dbsrv9.exe
Server
SIEMENS STEP7 Block C:\WINNT\system32\S7otbxsx.exe All computers
Administration
SIEMENS STEP7 C:\<INSTALLDIR>SIEMENS\STEP7\S7INF\S7usiapx.exe All computers
S7InfoBox
SIEMENS STEP7 C:\<INSTALLDIR>SIEMENS\STEP7\S7BIN\S7tgtopx.exe All computers
SIMATIC Manager
4.2 License Key of STEP 7 Professional
Before you can start working with STEP 7 Professional, you must transfer the license key from
the license key meduim to the computer. There are two ways of doing this:
• While you are installing STEP 7 Professional, the Setup program displays a message, if
there is no suitable license key installed on your computer. You can then decide whether
you want the license key to be installed by the Setup program or whether you want to
install the license key manually at a later time using the Automation License Manager.
• If the license key cannot be installed during setup, continue the Setup program without
installing the license key. Then boot the computer and install the license key using the
taskbar (e.g. Windows 7) All Programs\Siemens Automation\Automation License
Manager).
Note
As of STEP 7 Professional Edition 2004, all program components will be activated via a
License Key. This license key can be installed on all local drives. See also the enclosed
product information on the Automation License Manager.
The Automation License Manger prevents the authorizations/license keys from
being installed on invalid drives or media such as RAM drives, diskettes or
compressed drives. If the drive in a device is reported as being a "removable
medium" and not, as usual, as a "hard drive", it will be treated as a CD, which
means that no license key may be installed on it.
In the case of compressed drives, you can install the authorization on the
associated host drive.
Read the notes on the Automation License Manager in the almreadme.rtf file on the
STEP 7 Professional DVD under "Automation License Manager\ALM64\".
Hidden files are stored in the folder "<Drive on which the license key is installed>:\AX NF ZZ".
These files and the folder must not be deleted, moved, or copied. They contain data required
for the licensing of your software.
If you do not adhere to these guidelines, the license key may be irretrievably lost.

Notes on error-free use of the license keys

• The license key medium must not be read-only. Because the license key medium is to be
used without write protection, there is a danger that a virus could be transferred from the
hard disk to the medium. You should therefore run a virus check on your PC or
programming device every time you install or remove a license key.
• If you use an optimizing program which enables you to move fixed blocks of memory, only
use this option once you have moved the license key from the hard disk back to the license
key medium.
• With the License Key a specially marked cluster is shown on the target drive. Some check
programs display this cluster as "defective". Do not try to restore it.
• Do not forget to transfer the license key to the license key medium before formatting,
compressing, or restoring your hard disk or before installing a new operating system.
• If a backup copy of your hard disk contains copies of license keys, there is a danger that
these copies may overwrite the valid installed license keys when you restore your backup
data to the hard disk, thereby destroying the valid license keys. To prevent a valid license
key from being overwritten by a backup copy, you must remove all license keys before you
make a backup copy or exclude the license keys from the backup.

Using the trial license:

If no valid license key is installed for STEP 7 Professional, the Trial License Keys of the
individual products which are always supplied with STEP 7 Professional can be installed.
However, these License Keys are only valid for 21 days.
4.3 Uninstalling STEP 7 Professional

Note
Software products must be removed according to MS Windows.
Use the Microsoft Windows application "Programs and Features" (for example, in
the taskbar in …> Control Panel > Programs and Features > Uninstall a
program) to remove your software package (for example, "STEP 7").
As an alternative, you can use the setup program to uninstall a program.

If you uninstall an older version of STEP 7 in order to install STEP 7 Professional, you must
first uninstall any existing optional packages for STEP 7 as well.
5 Additional Notes
You will find further information on notes on installation and usage, as well as notes on the
operating system versions of the individual products, in the folders of the individual
components on the DVD folder "InstData" and in the 'Programs to be installed' Setup dialog
when you select the program and via the "Readme" button.

5.1 Special Characteristics of the Operating Systems

Note that MS Windows offers an extended protection concept.
This means that access to protected areas of the file system, such as the directories
"Programs" and "Windows", are virtualized. Your data will be forwarded by the operating
system in such a case to user-specific areas.
If the Windows screen display is set to greater than 100% in the control panel, the
representation of certain STEP 7 dialogs (e.g. OC Wizard) is impaired.
Setting the access rights in the operating system
Important changes have been made to the MS Windows 7 safety concept as of STEP 7 V5.5.
This concept is used in case of a new installation (STEP 7 has never been installed on this
computer). In this case, most settings, such as the STEP 7 language and mnemonic method
are user-defined. This means users can make settings using a PC and their login information.
An exception is the setting of the configuration language for the PG/PC interface.
A user group ”Siemens TIA Engineer” will be created under MS Windows 7. The installer will
automatically be added to this user group. Users from this user group have additional rights,
such as configuration of the PG/PC interface under MS Windows 7 (32 Bit) and installation of
the hardware support packages as well as for global setting of the STEP 7 language and
mnemonic for all users of the “Siemens TIA Engineer” group. This language also applies to the
function “Set PG/PC Interface…” if this was started by means of the SIMATIC interface.
You have to make sure that the rights for the user group "SIEMENS TIA Engineer" are set up
in the domain as well as locally.
The administrator has to assign these user rights and it is his responsibility.
Access rights in project directories
See "Security settings" in section 3.1 Operating environment.
 Project files on network drives
If several users work on the same project saved on a network drive at the same time, MS
Windows 7 clients may not recognize changes made to blocks by other users. Possible
remedies include a restart of STEP 7 on the MS Windows 7 client or deactivation of the
opportunistic locking of the respective PG/PC. The latter influences the performance of the
client. Given this background, we do not recommend that several users work on the same
project simultaneously.
User account control
STEP 7 V5.7 can be operated with enabled (3 levels possible) and disabled (never notify) user
account control (UAC) mode.
Following the conversion of the user account control (e.g. by UAC conversion of a program
installed by the system administrator), some of the settings made by the user may no longer be
present. The position and size of the application windows may, for example, be reset to older
(default) values. Some of the projects processed by the user may no longer be visible. You will
have to enter them once again in the project management of STEP 7 (SIMATIC Manager >
Open Project > Find).
Set up domain global user group "Siemens TIA Engineer"
For operation in a domain, you can create a domain global user group that will be mapped to
the local user groups "Siemens TIA Engineer" and "Network configuration operators".
The following prerequisites will have to be met:
• The domain administrator has created a domain global user group.
• The domain administrator has added users to the domain global user group whose login
will be used for access to STEP 7.
Editing projects
You need at least normal user rights to reconfigure the PG/PC interface as of MS Windows 7
64-bit.
A project can include an implicit configuration of the PG/PC interface (PG/PC).
If the PG/PC interface in such a project was implicitly reconfigured by a user with "Siemens
TIA-Engineer" rights, then operators with user rights will not be able to undo this configuration.
This means you will not be able to work online again until an operator with Siemens
TIA-Engineer" rights has reconfigured the PG/PC interface. Otherwise operators will see the
following alarm: "Insufficient user rights for operation of STEP 7".
Temporary IP address assignment
When the device status is being read out, the assignment of temporary IP addresses in the
device may have the result that no diagnostics information is shown. If this happens, update
the list of accessible nodes and repeat the action.

Note
Do not use the hibernate / standby function.

6 Terms of License and Disclaimer of Liability for

Open Source Software
Before installation, please read the "Readme_OSS.htm" file.