корзина пуста
  • Каталог оборудования Siemens


  • Заказные данные
  • Аксессуары
  • Информационные материалы

    Информационные материалы

    The S7-400 is the most powerful PLC in the family of SIMATIC controllers. It enables successful automation solutions with Totally Integrated Automation (TIA). The S7-400 is an automation platform for system solutions in production and process engineering, and it is characterized primarily by its modularity and performance reserves.

    • The power PLC for the mid to high-end performance ranges
    • The solution for even the most demanding tasks
    • With a comprehensive range of modules and performance-graded CPUs for optimal adaptation to the automation task
    • Flexible in use through simple implementation of distributed structures
    • User-friendly connections
    • Optimal communication and networking options
    • User-friendly handling and uncomplicated design without a fan
    • Can be expanded without problems when the tasks increase
    • Multicomputing:
      Simultaneous operation of several CPUs in one S7-400 central controller.
      Multicomputing distributes the overall performance of an S7-400. For example, complex tasks in technologies such as open-loop control, computing or communication can be split and assigned to different CPUs. And every CPU can be assigned its own local I/O.
    • Modularity:
      The powerful backplane bus of the S7-400 and the communication interfaces that can be connected direct to the CPU enable high-performance operation of a host of communication lines. This permits, for example, the division into one communications line for HMI and programming tasks, one line for high-performance and equidistant motion control components, and one "normal" I/O fieldbus. Additionally required connections to MES/ERP systems or the Internet can also be implemented.
    • Engineering and diagnostics:
      The S7-400 is configured and programmed extremely efficiently together with the SIMATIC Engineering Tools particularly in the case of extensive automation solutions with a high engineering component. For this purpose, high-level languages such as SCL and graphical engineering tools for sequential controls, state graphs and technology-oriented diagrams are available, for example.
    • High-availability automation system with redundant design
    • For applications with high fail-safety requirements:
      Processes with high restart costs, expensive downtimes, little supervision, and few maintenance options
    • Redundantly designed central functions
    • Increases availability of I/O: switched I/O configuration
    • Also possible to use I/Os with standard availability: single-sided configuration
    • Hot stand-by: Automatic reaction-free switching to the standby unit in the event of a fault
    • Configuration with 2 separate or one divided central rack
    • Connection of switched I/O via redundant PROFIBUS DP or system-redundant PROFINET I/O.
    • Failsafe automation system for plants with increased safety requirements
    • Complies with safety requirements to SIL 3 in accordance with IEC 61508, AK6 in accordance with DIN V 19250 and Cat. 4 in accordance with EN 954-1
    • If required, also fault tolerant through redundant design
    • Without additional wiring of the safety-related I/O
    • Safety-relevant communication via PROFIBUS DP with PROFIsafe profile
    • Based on S7-400H and distributed ET 200 I/O with fail-safe modules
    • Standard modules for non-safety-related applications can also be used in the automation system
    • Isolation module for the combined use of fail-safe and standard modules in safety mode in one ET 200M.
    Catalog ST 70

    You can also find information about SIMATIC S7-400 in the Catalog ST 70:


    Область применения


    The SIMATIC S7-400 is the power PLC for the mid to high-end performance ranges.

    The modular and fan-free design, high level of expandability, extensive communication and networking options, simple implementation of distributed structures, and user-friendly handling make the SIMATIC S7-400 the ideal solution even for the most demanding tasks in the mid to high-end performance ranges.

    Application areas of the SIMATIC S7-400 include:

    • Automotive industry, e.g. assembly lines
    • Mechanical equipment manufacture, including special mechanical equipment manufacture
    • Warehousing technology
    • Steel industry
    • Building management systems
    • Power generation and distribution
    • Paper and printing industry
    • Woodworking
    • Food and beverages industry
    • Process engineering, e.g. water and wastewater utilities
    • Chemicals industry and petrochemicals
    • Instrumentation and control
    • Packaging machinery
    • Pharmaceutical industry

    Several performance-graded CPU classes and a comprehensive range of modules with a host of user-friendly functions allow users to perform their automation tasks individually.

    In the case of task expansions, the controller can be expanded at any time without significant cost by means of additional modules.

    The SIMATIC S7-400 is universal in use:

    • Maximum suitability for industry thanks to high electromagnetic compatibility and high resistance to shock and vibration.
    • Modules can be connected and disconnected while power switched on.

    In many areas of automation technology, demands are increasing all the time with regard to the availability and thus the fail-safety of the automation systems. There are areas where a plant standstill can result in extremely high costs. Here, only redundant systems can do justice to the availability requirements.

    The fault-tolerant SIMATIC S7-400H meets these requirements. It continues to operate even when parts of the controller have failed due to one or more faults. The availability achieved in this way makes the SIMATIC S7-400H especially suitable for the following application areas:

    • Processes with high restart costs after a controller failure (generally in the process industry).
    • Processes with expensive standstill times
    • Processes involving valuable materials, e.g. in the pharmaceuticals industry.
    • Unsupervised applications
    • Applications with reduced maintenance personnel

    Ordering data

    The ordering data of the components for the S7-400H can be found with the relevant modules under "S7-400/S7-400H/S7-400F/FH".


    The SIMATIC S7-400F/FH fail-safe automation system is used in plants with increased safety requirements. It controls processes where immediate shutdown presents no danger to personnel or the environment. The S7-400F/FH has two basic designs:

    • S7-400F:
      Fail-safe automation system. In the event of faults in the control system, the production process is brought to a safe state and interrupted.
    • S7-400FH:
      Fail-safe and high-availability automation system. In the event of a fault in the control system, redundant control sections intervene and continue control of the production process.

    The additional use of standard modules makes it possible to establish a fully integrated control system for a plant where non-safety related tasks and safety-related tasks co-exist. The overall plant is configured and programmed with the same standard tools.


    The SIMATIC S7-400 is available in several versions:

    • S7-400:
      The power PLC for the mid to high-end performance ranges with modular, fan-free design.
    • S7-400H:
      Fault-tolerant automation system with redundant design for fail-safe applications.
    • S7-400F/FH:
      Fail-safe automation system with redundant design that can also have high availability.

    The S7-400 automation system is modular in design. It has a comprehensive range of modules that can be combined individually.

    A system includes the following:

    • Power supply module (PS):
      for connecting the SIMATIC S7-400 to a supply voltage of 120/230 V AC or 24 V DC.
    • CPUs:
      Different CPUs with integral PROFIBUS DP interfaces are available for different performance ranges. Depending on type, they are also available with integral PROFINET interface. The PROFIBUS interface enables the connection of up to 125 PROFIBUS DP slaves. Up to 256 PROFINET IO devices can be connected to the PROFINET interface. All CPUs of the SIMATIC S7-400 can handle extremely large configurations. In addition, several CPUs can work together in multicomputing in one central controller to increase performance. The CPUs enable short machine cycle times by means of their efficient processing speed and deterministic response times.
    • Signal modules (SMs) for digital (DI/DO) and analog (AI/AO) input/output
    • Communications processors (CPs), e.g. for bus connection and point-to-point connections
    • Function modules (FMs):
      The specialists for demanding tasks such as counting, positioning and cam control.

    The following can also be used depending on requirements:

    • Interface modules (IMs):
      for connecting central controllers and expansion units. The central controller of the SIMATIC S7-400 can be operated with up to 21 expansion units.
    • SIMATIC S5 modules:
      All input/output modules of the SIMATIC S5-115U/-135U/-155U can be addressed in the relevant SIMATIC S5 expansion units. In addition, the use of certain IP and WF modules of the SIMATIC S5 is possible both in S5 EUs and direct in the CC (using adapter casing).


    If users require more than one central controller for their applications, the S7-400 can be expanded:

    • Max. 21 expansion units:
      Up to 21 expansion units (EUs) can be connected to the central controller (CC).
    • Connection of the interface modules (IMs):
      The CC and EUs are connected via send and receive IMs. Send IMs are plugged into the CC, and the associated receive IMs are plugged into the downstream EUs. Up to 6 send IMs can be plugged into the CC (of which up to 2 with 5-V transfer), and up to 1 receive IM can be plugged into the EUs. Each send IM has 2 interfaces for connecting one line each. Up to 4 EUs (without 5-V transfer) or 1 EU (with 5-V transfer) can be connected to each interface of a send IM.
    • Fixed slot for power supply modules:
      Power supply modules must always be plugged in on the extreme left in the CC and EUs.
    • Restricted data exchange via C bus:
      Data exchange via the C bus only between the CC and six EUs (EU 1 to EU 6).
    • Central expansion:
      To be recommended for smaller setups or control cabinets direct at the machine. The 5-V power can optionally also be supplied.
      • Max. distance between CC and the last EU of a line: 1.5 m with 5 V transfer, 3 m without 5 V transfer.
    • Distributed expansion with EUs:
      Recommended in plants covering a large area where several EUs are located at individual locations. Up to S7-400 EUs or SIMATIC S5 EUs can be used.
      • Max. distance between CC and the last EU of a line: approx. 100 m with S7 EU, 600 m with S5 EU.
    • Note For distributed connection of S5 expansion units to an S7-400:
      The IM 463-2 can be used in the CC of the S7-400, and an IM 314 is used in the S5 EU. The following S5 EUs can be connected to an S7-400:
      • EG 183U
      • EG 185U
      • EG 186U
      • ER 701-2
      • ER 701-3

    Connection type

    Maximum (total) cable length

    Local link with 5-V transfer via IM 460-1 and IM 461-1

    1.5 m

    Local link without 5-V transfer via IM 460-0 and IM 461-0

    5 m

    Remote link via IM 460-3 and IM 461-3

    102.25 m

    Remote link via IM 460-4 and IM 461-4

    605 m

    • Distributed expansion with ET 200:
      recommended for plants covering extremely large areas. A line with up to 125 bus nodes can be connected via the PROFIBUS DP interface of a CPU. Maximum distance between the CC and last node on the line: 23 km (with fiber optic cable).
    S7-400 communication

    The SIMATIC S7-400 has different communication options:

    • Combined multipoint interface and DP master, integrated into all CPUs:
      For the simultaneous connection of PGs/PCs, HMI systems, S7-200 and S7-300 systems and other S7-400 systems.
    • Additional PROFIBUS DP interface, integrated into several CPUs for cost-effective connection of distributed I/O systems, e.g. ET 200.
    • Integral PROFINET interface on PROFINET CPUs for connections to distributed I/O systems, or communication with other controllers and PC systems.
    • Communications processors for connecting to the bus systems PROFIBUS und Industrial Ethernet.
    • Communications processors for the powerful point-to-point connections.

    Process communication via PROFIBUS DP

    The SIMATIC S7-400 can be connected as master with PROFIBUS DP via the integral PROFIBUS DP interface of the S7-400-CPU (optional).

    The following can be connected as masters on PROFIBUS DP:

    • SIMATIC S7-400 (CPUs, CP 443-5)
    • SIMATIC S7-300 (CPUs, CP 342-5 DP or CP 343-5)
    • SIMATIC C7 (via C7 with PROFIBUS DP interface or PROFIBUS DP CPs)

    Although PG/PCs with STEP 7 or OPs are masters on the bus, they only use the PG and OP functions that also run in part via PROFIBUS DP.

    The following can be connected as slaves:

    • Distributed I/O devices, e.g. ET 200
    • Field devices
    • SIMATIC S7-200, S7-300
    • C7-633/P DP, C7-633 DP, C7-634/P DP, C7-634 DP, C7-626 DP
    • SIMATIC S7-400 (via CP 443-5 only)

    Data communication via multipoint interface (MPI)

    The multipoint interface (MPI) is a communication interface integrated into the CPUs of the SIMATIC S7-400.

    It is used for:

    • Programming and parameterization
    • HMI
    • Establishing simple network topologies involving equal communication partners
    • Variable connection options:
      The MPI enables simultaneous connection of up to 32 nodes:
      • PGs/PCs
      • HMI systems
      • S7-200 (as slave)
      • S7-300
      • S7-400
      • C7
    • Internal communications bus (C bus);
      communications processors and function modules with C bus connection can be addressed via the MPI or DP interface of the CPU via the C bus of the S7-400. This enables direct access from the PG to the modules connected on the C bus. The C bus can be transferred to up to 6 expansion units via interface modules.
    • Performance data of the MPI:
      • Up to 32 MPI nodes
      • Data transfer rate up to 12 Mbps
    • Flexible mounting options:
      Field-proven components are used to establish MPI communication: Bus cable, bus connector and RS 485 repeater (12 Mbit/s) from the PROFIBUS and "distributed I/O" range.
      They enable optimal adaptation of the design to the requirements. For example, up to 9 repeaters can be switched in series to bridge larger distances between any two MPI nodes.
    • DP master:
      The MPI of the S7-400 can also be configured as a DP master. Up to 32 DP slaves up to max. 12 Mbit/s can then be connected. The programming function and the human machine interface function are then retained

    Data communication via CP (point-to-point)

    Powerful point-to-point connections can be implemented via the CP 441 communications processors.

    • Diverse connection options, including, for example:
      • PCs
      • SIMATIC S5/S7
      • Industrial PCs
      • PLCs from other manufacturers
      • Scanners, barcode readers, identification systems
      • Robot controls
      • Printers
    • Variable interfaces:
      Replaceable interface modules enable communication using different transmission media:
      • 20 mA (TTY)
      • RS 232C (V.24)
      • RS 422/485

    Data communication via CP (PROFIBUS or Industrial Ethernet)

    The SIMATIC S7-400 can be connected to the PROFIBUS and Industrial Ethernet bus systems via the CP 443-x communications processors,

    including, for example:

    • SIMATIC S7-200 (via PROFIBUS)
    • SIMATIC S7-300
    • SIMATIC S7-400
    • SIMATIC S5-115U/H, S5-135U, S5-155U/H
    • Programming devices
    • Personal computers
    • SIMATIC HMI human machine interface systems
    • Numerical controllers
    • Robot controls
    • Industrial PCs
    • Drive controls
    • Devices of other manufacturers

    The SIMATIC S7-400H consists of the following components:

    • 2 central controllers:
      Either 2 separate UR1/UR2 central controllers or 2 areas on one divided central controller (UR2-H).
    • 2 sync modules per central controller for linking both devices via fiber optic cable.
    • 1 CPU 412-5H, 1 CPU 414-5H, 1 CPU 416-5H or 1 CPU 417-5H per central controller.
    • S7-400 I/O modules in the central controllers.
    • UR1/UR2/ER1/ER2 expansion units and/or ET 200M distributed I/O devices with I/O modules.

    Central functions are redundant in design. The I/O can be configured with normal availability and switched.

    Normally available I/O (one-sided configuration)

    In a one-sided configuration, I/O modules are single-channel in design and are addressed by only one of the two central controllers. One-sided I/O modules can be plugged into a central controller and/or into expansion units/distributed I/O devices.

    Information read in on one side is always available to both central controllers provided the device addressing the I/O is working correctly. In the event of a fault, the I/O modules of the affected central controller are out of service.

    One-sided configuration is used:

    • For plant sections that do not require increased availability.
    • For connecting user-program-based, redundant I/O. The system has to be set up symmetrically here.

    Increased availability (switched configuration)

    In a switched configuration, I/O modules are single-channel in design but they are addressed via a redundant PROFIBUS DP by both central controllers. I/O modules operated in a switched configuration can only be plugged into an ET 200M distributed I/O device.

    Connection to the central controllers is made via PROFIBUS DP.

    Redundancy of the I/O

    Redundant I/O modules are configured redundantly in pairs. The use of redundant I/O offers maximum availability because in this way, the failure of a CPU, a PROFIBUS or a signal module is tolerated.

    The following configurations are possible:

    • Redundant I/O in single-sided DP slaves
    • Redundant I/O in switched DP slaves

    Suitable I/O modules

    Mutually redundant modules must be of the same type and design (e.g. both centralized or both distributed). The slots are not stipulated. However, use in different stations is recommended for availability reasons. Please refer to Customer Support or the manual to see which modules can be used.

    Redundancy of the FMs and CPs

    Function modules (FMs) and communications processors (CPs) can be used redundantly in two different configurations:

    • Switched redundant configuration:
      The FMs/CPs can be connected in duplicate to separate ET 200Ms or one switched ET 200M.
    • Two-channel redundant configuration:
      FMs/CPs can be plugged into both subunits or into expansion units connected to the subunits (see one-sided configuration).

    The redundancy of the modules is achieved in different ways here:

    • Programming by the user:
      On the function modules and the the SIMATIC CPs, the redundancy function can generally be programmed by the user. The active module is determined and a possible fault is detected to initiate a switchover. The required program corresponds to the program for a single CPU with redundant FM/CP.
    • Direct support from the operating system.
      In the case of SIMATIC NET-CP 443-1, the operating system supports the redundancy direct. For further details, see under Communication below.

    A fail-safe S7-400F/FH automation system can be configured differently according to requirements:

    Single-channel, one-sided I/O for S7-400F

    The plant requires a fail-safe controller. Fault tolerance is not required. The following are required:

    • 1 CPU 414-4H/417-4H with F-Runtime license.
    • 1 PROFIBUS DP line.
    • ET 200M with IM 153-2.
    • Fail-safe signal modules in non-redundant design.

    In the event of a fault, the I/O is no longer available. The fail-safe signal modules are passivated.

    Single-channel, switched I/O for S7-400FH

    The plant requires a fail-safe controller. Fault tolerance is required on the CPU side. The following are required:

    • 2 CPU 414-4H/417-4H with F-Runtime license.
    • 2 PROFIBUS DP lines.
    • 1 ET 200M with 2 IM 153-2 (redundant).
    • Fail-safe signal modules in non-redundant design.

    If the CPU, IM 153-2 or PROFIBUS DP line fails, the controller remains available. In the case of failure of the fail-safe signal modules or the ET 200M, the I/O is no longer available. The fail-safe signal modules are passivated.

    Redundant, switched I/O for S7-400FH

    The plant requires a fail-safe controller. Fault tolerance is required on the CPU side and the I/O side. The following are required:

    • 2 CPU 414-4H/417-4H with F-Runtime license.
    • 2 PROFIBUS DP lines.
    • 2 ET 200M with 2 IM 153-2 (redundant).
    • Fail-safe signal modules in redundant design.

    In the event of failure of the CPU, IM 153-2 or PROFIBUS DP line, fail-safe signal modules or ET 200M, the controller remains available.

    Standard modules can also be used in the S7-400F/FH automation system. These must not be used together with fail-safe modules in one ET 200M.


    Safety-related and standard communication between the central controller and the ET 200M takes place via PROFIBUS DP. The specially developed PROFIBUS profile PROFIsafe allows the transmission of user data associated with the safety function within the standard data telegram. Additional hardware components such as special safety buses are not required. The necessary software is either integrated in the hardware components as an expansion of the operating system or loaded into the CPU later as a certified software block.

    Safety class with isolation module

    Use of the isolation module in the ET 200M offers the following benefits:

    • PROFIBUS DP lines can be established with copper bus cables. The use of fiber optic cables is not necessary.
    • Every IM 153-x can be used.
    • Mixed operation of fail-safe signal modules in safety mode and S7-300 standard modules in one ET 200M is possible.

    The isolation module is not required if safety class SIL 2 is to be achieved.



    A host of features support users in programming, commissioning and servicing the S7-400:

    • High-speed instruction execution.
    • User-friendly parameter assignment
    • Human machine interfacing:
      User-friendly OCM services are already integrated into the operating system of the S7-400.
    • Diagnostics functions and self-test:
      The intelligent diagnostics system of the CPUs continuously checks the functional capability of the system and registers faults and specific system events.
    • Password protection.
    • Mode selector.
    • System functions.

    The SIMATIC S7-400 complies with national and international standards:

    • CE mark
    • UL approval
    • CSA approval or cULus approval
    • FM approval
    • ATEX approval
    • C-Tick, EMC marking for Australia and New Zealand
    • IEC 61131-2
    • Marine approvals of the classification authorities
      • ABS (American Bureau of Shipping)
      • BV (Bureau Veritas)
      • DNV (Det Norske Veritas)
      • GL (Germanischer Lloyd)
      • LRS (Lloyds Register of shipping)
      • Class NK (Nippon Kaiji Kyokai)

    For details, refer to Manual "S7-400 Automation System S7-400 Module Specifications".


    An S7-400 system is simple to construct with a modular design. One outstanding feature of the the S7-400 is its rugged operation without a fan, which enables the hot swapping of signal modules.

    Its simple design makes the S7-400 flexible and service-friendly:

    • Simple module mounting.
    • Backplane bus integrated into the mounting racks.
    • Simple module replacement, without risk of one module being confused with another
    • Proven connection technology
    • TOP Connect:
      Pre-assembled wiring with 1-core to 3-core connections and screw-type or spring-loaded terminals.
    • Defined installation depth:
      All connections and connectors are recessed into the modules and protected cover flaps.
    • Minimal slot rules


    The CPUs and the communications processors support the following communication types:

    • Process communication;
      for cyclic addressing of I/O modules (exchange of the process image) via a bus (AS-Interface, PROFIBUS DP or PROFINET). Process communication is called up from the cyclic execution levels
    • Data communication;
      for data exchange between automation systems or between HMI stations
      and several automation systems. Data communication takes place cyclically or it is called from the user program via blocks on an event-driven basis.

    Data communication

    The SIMATIC S7-400 has different data communication mechanisms:

    • Cyclic exchange of data packets between networked CPUs with global data communication (GD).
    • Event-driven communication with partners via the communication functions

    Networking can take place via MPI, PROFIBUS or PROFINET.

    Global data (GD)

    With the "Global data communication" service, networked CPUs can exchange data with each other cyclically via MPI (max. 16 GD packets, max. size of the GD packets 64 bytes per cycle). This allows, for example, one CPU to access the data/bit memories/process image of another CPU. If an S7-300 is networked, data exchange is restricted to a maximum of 22 bytes per packet. Global data communication can take place via the MPI. Configuring is carried out using the GD table in STEP 7. In the segmented CR2 mounting rack, two CPUs can communicate via the C bus using GD.

    Communication functions

    Communication services with S7/C7 partners can be established with system-integrated blocks.

    The services are:

    • S7 basic communication via MPI and PROFIBUS.
    • S7 communication via MPI, C bus, PROFIBUS and PROFINET/Industrial Ethernet.

    Communication services with S5 partners and non-Siemens devices can be established with reloadable blocks.

    The services are:

    • S5-compatible communication via PROFIBUS and Industrial Ethernet.
    • Standard communication (non-Siemens systems) via PROFIBUS and Industrial Ethernet (Open User Communication over PROFINET/Industrial Ethernet).

    In contrast to global data, communication connections must be set up for the communication functions.

    Integration into the IT world

    The S7-400 makes it possible to simply link the modern IT world with automation engineering. The following functions are possible using the plug-in CP 443-1 Advanced:

    • Creation of your own web pages with any HTML tools. The process variables of the S7-400 are simply assigned to the HTML objects.
    • Monitoring of the S7-400 via these Web pages using a standard browser.
    • Sending of emails from the user program of the S7-400 via FC calls.
    • Remote programming is possible due to the WAN characteristic of TCP/IP, even via the telephone network, e.g. ISDN.

    The S7-400-H CPUs with PROFINET interface have integrated web servers. Information can thus be read out of the S7-400 station using a standard Web browser:

    • General CPU information
    • Content of the diagnostics buffer
    • Variable table
    • Tag status
    • Module status
    • Messages
    • Information on Industrial Ethernet
    • Diagnostics of the OUC connections
    • Topology of the PROFINET nodes
    • Display of process data and user data via user-defined web pages

    Security mechanisms are available within the Web server mechanisms with the possibility of using user rights and supporting the HTTPS protocol.

    Isochronous mode

    The isochronous mode system function enables synchronous coupling to the cycle of the isochronous PROFIBUS and PROFINET for:

    • Distributed signal acquisition
    • Signal transmission
    • Program execution

    An automation solution is created that captures and processes the input signals and outputs output signals at constant intervals (constant bus cycle time). A consistent partial process image is created at the same time.

    By means of constant bus cycle times and synchronous signal processing of the distributed I/O, the S7-400 ensures precisely reproducible and defined process response times.

    An extensive range of components that support the isochronous mode system function is available for handling demanding tasks from the areas of motion control, measured value acquisition, high-speed controls, etc.

    In distributed automation solutions, the SIMATIC S7-400 also opens up the important application area of high-speed processing operations and enables the achievement of maximum precision and reproducibility. This means increased production with optimal and constant quality.

    Hardware configuration changes in RUN (Configuration in RUN, CiR)

    With SIMATIC S7-400, hardware configuration changes can be made without reaction during operation of a plant. Options include:

    • Addition of the distributed I/O nodes (PROFIBUS DP or PA slaves)
    • Addition and re-parameterization of modules in the ET 200M I/O system.

    CiR – Configuration in RUN reduces commissioning and retooling times by enabling plant expansions and conversions during the operating phase. In addition, this system functionality allows a flexible response to process changes (e.g. process optimization) since the plant does not have to be re-initialized or synchronized due to hardware configuration changes.

    Diagnostics and process monitoring of modules

    Many input/output modules of the SIMATIC S7-400 have intelligent abilities:

    • Monitoring of signal acquisition (diagnostics)
    • Monitoring of signals from the process (hardware interrupt)


    An intelligent diagnostics system can be used to determine whether signal acquisition (in the case of digital modules) or analog processing (in the case of analog modules) of the module is functioning fault-free. In diagnostics analysis, a distinction must be made between parameterizable and non-parameterizable diagnostics messages:

    • Parameterizable diagnostics messages:
      The diagnostics message is only sent if it has been enabled by the appropriate parameterization.
    • Non-parameterizable diagnostics message:
      These messages are sent as a matter of course, that is, independently of parameterization.

    If a diagnostics message is active (e.g. "No sensor supply"), the module triggers a diagnostics interrupt (if the diagnostics message is parameterized, only after the appropriate parameterization). The CPU interrupts processing of the user program or low priority classes, and processes the relevant diagnostics interrupt block (OB 82). Process signals can be monitored via hardware interrupts and responses to changes in the signals can be triggered.

    Different diagnostics messages are available depending on the module type:

    Digital input/output modules


    Diagnostics message

    Possible fault cause

    No sensor supply

    • Sensor supply overload
    • Short-circuit of the sensor supply to M

    No external auxiliary voltage

    • No supply voltage L+ of the module

    No internal auxiliary voltage

    • No supply voltage L+ of the module
    • Internal module fuse defective

    Fuse blown

    • Internal module fuse defective

    Incorrect parameters in module

    • Incorrect parameters transferred to module

    Time watchdog tripped

    • Periodically high electromagnetic interference
    • Module defective

    EPROM fault

    • Periodically high electromagnetic interference
    • Module defective

    RAM fault

    • Periodically high electromagnetic interference
    • Module defective

    Hardware interrupt lost

    • Hardware interrupts come faster than the CPU can process them

    Analog input modules


    Diagnostics message

    Possible fault cause

    No external load voltage

    • No load voltage L+ of the module

    Configuring/parameterization errors

    • Incorrect parameters transferred to module

    Common mode error

    • Difference in potential UCM between the inputs (M-) and reference potential of the measuring circuit (MANA) too high


    • Resistance of sensor circuit too high
    • Interruption of the line between the module and the sensor
    • Channel not switched (open)

    Measuring range low limit violated

    • Input value lower than the underrange, fault possibly caused by
      • Measuring range 4 … 20 mA, 1 … 5 V:
        Sensor connected with reverse polarity;
        wrong measuring range selected
      • Other measuring ranges:
        Wrong measuring range selected

    Measuring range high limit violated

    • Input value exceeds overrange

    Analog output modules


    Diagnostics message

    Possible fault cause

    No external load voltage

    • No load voltage L+ of the module

    Configuring/parameterization errors

    • Incorrect parameters transferred to module

    Short-circuit to M

    • Output overload
    • Short-circuit of the output QV to MANA


    • Resistance of actuator too high
    • Interruption of the line between the module and the actuator
    • Channel not used (open)

    Hardware interrupt

    Process signals can be monitored, and responses to signal changes can be triggered via process interrupts.

    • Digital input modules:
      Depending on the parameterization, the module can trigger a hardware interrupt for each channel group optionally at a rising edge, a falling edge or at both edges of a signal status change. The CPU interrupts processing of the user program or low priority classes, and processes the relevant process interrupt block (e.g. OB40). The signal module can buffer one interrupt per channel.
    • Analog input modules:
      A working range is defined by parameterizing an high and low limit value. The module compares the digitized measured value with these limits. If the measured value violates one of these limits, a hardware interrupt is triggered. The CPU interrupts processing of the user program or low priority classes, and processes the relevant process interrupt block (e.g. OB40). If the limits are above/below the overrange/underrange, no comparison is made.

    Fault-tolerant communication

    With high-availability communication, SIMATIC offers the following features:

    • Increased availability:
      In the event of a fault, communication can be continued via up to 4 redundant connections.
    • Simple operation;
      high-availability is not apparent to the user. User programs for standard communication can be adopted without changes. The redundancy function is defined only at the parameterization stage.

    Fault-tolerant communication is currently supported by the S7-400H (redundant and non-redundant configuration) and by PCs. On PCs, the Redconnect program package is required (see "SIMATIC NET communication systems").

    Depending on availability requirements, different configuration options can be used:

    • Single or redundant bus.
    • Bus in linear or ring topology.

    Mode of operation

    The operating system of the CPU 417-5H/416‑5H/414‑5H/412‑5H executes all the necessary additional functions of the S7-400H autonomously:

    • Data exchange
    • Fault response (failover to standby device)
    • Synchronization of both subunits
    • Self-test

    Redundancy principle

    The S7-400H works according to the principle of active redundancy in "hot standby" mode (reaction-free automatic switchover in the event of a fault). According to this principle, both subunits are active during fault-free operation. In the event of a fault, the intact device assumes control of the process alone.

    To guarantee this transfer bumplessly, fast and reliable data exchange via the central controller link is required.

    In the course of the failover, the devices automatically retain:

    • the same user program
    • the same data blocks
    • the same process image contents
    • The same internal data such as timers, counters, bit memories, etc.

    This means both devices are always completely up-to-date and can continue control alone in the event of a fault.

    For redundant operation of the I/O, this results in the following:

    • During fault-free operation, both modules are active, that is, in the case of redundant inputs, for example, the shared sensor (two sensors are also possible) is read in via two modules, and the results are compared and made available to the user as a unified value for further processing. In the case of redundant outputs, the value calculated by the user program is output by both modules.
    • In the event of a fault, e.g. if one of the two input modules fails, the defective module is no longer addressed, the fault is signaled and processing continues with the intact module only. Following the repair that can take place online, both modules are again addressed.


    For reaction-free switchover, synchronization of both subunits is necessary.

    The S7-400H works with "event-drive synchronization".

    This involves a synchronization operation whenever events could result in different internal states in the subunits, e.g. in the case of:

    • Direct access to the I/O
    • Interrupts, alarms
    • Updating of the user times
    • Modification of data by means of communication functions

    The synchronization takes place automatically by means of the operating system and can be ignored at the programming stage.


    The S7-400H executes extensive self-tests. This involves testing the following:

    • Connection of the central controllers
    • Central processing units
    • Processors/ASICs
    • Memory

    Every detected fault is reported.

    Self-test at startup

    At startup, each subunit executes all self-test functions fully.

    Self-test in cyclic operation

    The complete self-test is spread over several cycles. A short section of the self-test is executed per cycle so that the load on the actual controller is insignificant.

    Configuring, programming

    The S7-400H is programmed like an S7-400. All the STEP 7 functions available there are used.

    STEP 7 V5.2 is required for programming the S7-400H.

    Configuring of I/O modules

    When configuring the hardware, users must specify via HW Config which modules are mutually redundant. This only requires the specification of the modules to be operated in redundant mode and the second module that is to be the "redundancy partner". In the user program, the module with the lowest address is to be accessed. The second address remains hidden from the user and programming of the control section with redundant and non-redundant I/O is identical. The only difference to non-redundant I/O are two FBs (RED_IN and RED_OUT) from the block library that are to be called at the start and at the end of the user program.

    In STEP 7 V5.3 or higher, the library is integrated as standard into STEP 7.


    The S7-400F/FH meets the following safety requirements:

    • Requirement class AK 1 to AK 6 in accordance with DIN V 19250/DIN V VDE 0801
    • Safety requirement class SIL 1 to SIL 3 in accordance with IEC 61508
    • Category 1 to 4 in accordance with EN 954-1

    Mode of operation

    The safety functions of the S7-400F/FH are contained in the F program of the CPU and in the fail-safe signal modules.

    The signal modules monitor output and input signals by means of discrepancy analyses and test signal injections.

    The CPU checks the proper operation of the controller with regular self-tests, command tests, and logical and chronological program execution checks. In addition, the I/O is checked by means of sign-of-life requests.

    If a fault is diagnosed in the system, the system is brought to a safe state.

    F-Runtime license

    The F-Runtime license must be loaded onto the CPU to operate the S7-400F/FH. One license is required for each S7-400F/FH.


    The S7-400F/FH is programmed in the same way as the other SIMATIC S7 systems. The user program for non-fail-safe plant sections is created with proven programming tools such as STEP 7.

    S7 F Systems optional package

    The option package "S7 F Systems" is required for programming the safety-related program sections. The package contains all the functions and blocks required to create the F program.

    For the F program with safety functions, special function blocks from the F library are called up with CFC and interconnected. The use of CFC simplifies the configuring and programming of the plant and, thanks to plant-wide, uniform representation, also the acceptance test. Programmers can concentrate fully on the safety-related application without having to use additional tools.

    Технические данные

    General technical data

    Degree of protection


    Ambient temperature

    0 to 60 °C

    Relative humidity

    5 to 95%, no condensation

    Atmospheric pressure

    1080 to 795 hPa (corresponds to an altitude of -1000 m to +2,000 m)

    Electromagnetic compatibility

    • Interference immunity

    According to EN 61000-6-2

    • Emitted interference

    According to EN 61000-6-4

    Mechanical load

    • Vibration, test according to / tested with

    IEC 60068-2-6 (sine)

    10 to 58 Hz; constant amplitude 0.075 mm;
    58 to 500 Hz; constant acceleration 1 g; duration of oscillation: 10 frequency sweeps per axis in each direction of the three mutually perpendicular axes

    • Shock, test according to / tested with

    IEC 60068-2-27
    Type of shock: Half-sine;
    strength of the shock 10 g (peak value), duration 6 ms
    direction of shock: 100 shocks in each of the 3 mutually perpendicular axes.

    Дальнейшая информация


    Information material for downloading can be found in the Internet: