Arian Pars - SIEMENS



The S7-400 is the most powerful PLC in the family of SIMATIC controllers. It enables successful automation solutions with Totally Integrated Automation (TIA). The S7-400 is an automation platform for system solutions in production and process engineering, and it is characterized primarily by its modularity and performance reserves.

  • The power PLC for the mid to high-end performance ranges.
  • The solution for even the most demanding tasks.
  • With a comprehensive range of modules and performance-graded CPUs for optimal adaptation to the automation task.
  • Flexible in use through simple implementation of distributed structures; user-friendly connections.
  • Optimal communication and networking options.
  • User-friendly handling and uncomplicated design without a fan.
  • Can be expanded without problems when the tasks increase.
  • Multicomputing: 
    Simultaneous operation of several CPUs in one S7-400 central controller.
    Multicomputing distributes the overall performance power of an S7-400. For example, complex tasks can be divided into technologies such as open-loop control, computing or communication, and assigned to different CPUs. And every CPU can be assigned its own local I/O.
  • Modularity: 
    The powerful backplane bus of the S7-400 and the communication interfaces that can be connected direct to the CPU enable high-performance operation of a host of communication lines. This enables, for example, division into one communication path for HMI and programming tasks, one for high-performance and equidistant motion control components, and one for a "normal" I/O fieldbus. Additionally required connections to MES/ERP systems or the Internet can also be implemented.
  • Engineering and diagnostics: 
    The S7-400 is configured and programmed extremely efficiently together with the SIMATIC Engineering Tools particularly in the case of extensive automation solutions with a high engineering component. For this purpose, high-level languages such as SCL and graphical engineering tools for sequential controls, state graph programs and technology-oriented diagrams are available, for example.
  • Fault-tolerant automation system with redundant design.
  • For applications with high fail-safety requirements. 
    Processes with high restart costs, expensive downtimes, little supervision, and few maintenance options.
  • Redundant central functions.
  • Increases availability of I/O: switched I/O configuration.
  • Also possible to use I/Os with standard availability: single-sided configuration.
  • Hot stand-by: automatic reaction-free switching to the standby unit in the event of a fault.
  • Configuration with two separate or one divided central rack.
  • Connection of switched I/O via redundant PROFIBUS DP.
  • Failsafe automation system for plants with increased safety requirements
  • Complies with safety requirements to SIL 3 in accordance with IEC 61508, AK6 in accordance with DIN V 19250 and Cat. 4 in accordance with EN 954-1
  • If required, also fault tolerant through redundant design
  • Without additional wiring of the safety-related I/O:
  • Safety-relevant communication via PROFIBUS DP with PROFIsafe profile
  • Based on S7-400H and ET 200M with fail-safe modules
  • Standard modules for non-safety-related applications can also be used in the automation system
  • Isolation module for joint use of fail-safe and standard modules in safety mode in one ET 200M
Catalog ST 70:

You can also find information about SIMATIC S7-400 in Catalog ST 70:

Manuals / Operating instructions



The SIMATIC S7-400 is the power PLC for the mid to high-end performance ranges.

The modular and fan-free design, high level of expandability, extensive communication and networking options, simple implementation of distributed structures, and user-friendly handling make the SIMATIC S7-400 the ideal solution even for the most demanding tasks in the mid to high-end performance ranges.

Application areas of the SIMATIC S7-400 include:

  • Automobile industry (e.g. production lines)
  • Mechanical equipment manufacture, including special mechanical equipment manufacture
  • Warehousing technology
  • Steel industry
  • Building management systems
  • Power generation and distribution
  • Paper and printing industry
  • Woodworking
  • Food and beverages industry
  • Process engineering, e.g. water supply and wastewater treatment
  • Chemicals industry and petrochemicals
  • Instrumentation and control
  • Packaging machinery

Several performance-graded CPU classes and a comprehensive range of modules with a host of user-friendly functions allow users to perform their automation tasks individually.

In the case of task expansions, the controller can be expanded at any time without significant cost by means of additional modules.

The SIMATIC S7-400 is universal in use:

  • Maximum suitability for industry thanks to high electromagnetic compatibility and high resistance to shock and vibration.
  • Modules can be connected and disconnected under power.

In many areas of automation technology, demands are increasing all the time with regard to the availability and thus the fail-safety of the automation systems. There are areas where a plant standstill can result in extremely high costs. Here, only redundant systems can do justice to the availability requirements.

The fault-tolerant SIMATIC S7-400H meets these requirements. It continues to operate even when parts of the controller have failed due to one or more faults. The availability thus achieved makes the SIMATIC S7-400H especially suitable for the following application areas:

  • Processes with high restart costs after a controller failure (generally in the process industry).
  • Processes with expensive standstill times.
  • Processes involving valuable materials (e.g. in the pharmaceuticals industry).
  • Unsupervised applications.
  • Applications with reduced maintenance personnel.

Ordering data

The ordering data of the components for the S7-400H can be found with the relevant modules under "S7-400/S7-400H/S7-400F/FH".


The SIMATIC S7-400F/FH fail-safe automation system is used in plants with increased safety requirements. It controls processes where immediate shutdown presents no danger to personnel or the environment. The S7-400F/FH has two basic designs:

  • S7-400F: 
    Fail-safe automation system. In the event of faults in the control system, the production process is brought to a safe state and interrupted.
  • S7-400FH: 
    Fail-safe fault-tolerant automation system. In the event of a fault in the control system, redundant control sections intervene and continue control of the production process.

The additional use of standard modules makes it possible to establish a fully integrated control system for a plant where non-safety related tasks and safety-related tasks co-exist. The overall plant is configured and programmed with the same standard tools.


The SIMATIC S7-400 is available in several versions:

  • S7-400: 
    The power PLC for the mid to high-end performance ranges with modular, fan-free design.
  • S7-400H: 
    Fault-tolerant automation system with redundant design for fail-safe applications.
  • S7-400F/FH: 
    Fail-safe automation system with redundant design that can also be fault-tolerant.


The S7-400 automation system is modular in design. It has a comprehensive range of modules that can be combined individually.

A system includes the following:

  • Power supply module (PS): 
    for connecting the SIMATIC S7-400 to a supply voltage of 120/230 V AC or 24 V DC.
  • CPUs: 
    Different CPUs with integral PROFIBUS DP interfaces are available for different performance ranges. Depending on type, they are also available with integral PROFINET interface. The PROFIBUS interface enables the connection of up to 125 PROFIBUS DP slaves. Up to 256 PROFINET IO devices can be connected to the PROFINET interface. All CPUs of the SIMATIC S7-400 can handle extremely large configurations. In addition, several CPUs can work together in multicomputing in one central controller to increase performance. The CPUs enable short machine cycle times by means of their efficient processing speed and deterministic response times.
  • Signal modules (SMs) for digital (DI/DO) and analog (AI/AO) input/output.
  • Communications processors (CPs) for bus connection and point-to-point connections.
  • Function modules (FMs): 
    The specialists for demanding tasks such as counting, positioning and cam control.

The following can also be used depending on requirements:

  • Interface modules (IMs): 
    for connecting central controllers and expansion units. The central controller of the SIMATIC S7-400 can be operated with up to 21 expansion units.
  • SIMATIC S5 modules: 
    All input/output modules of the SIMATIC S5-115U/-135U/-155U can be addressed in the relevant SIMATIC S5 expansion units. In addition, the use of certain IP and WF modules of the SIMATIC S5 is possible both in S5 EUs and direct in the CC (using adapter casing).

If users require more than one central controller for their applications, the S7-400 can be expanded:

  • Max. 21 expansion units: 
    Up to 21 expansion units (EUs) can be connected to the central controller (CC).
  • Connection of the interface modules (IMs): 
    The CC and EUs are connected via send and receive IMs. Send IMs are plugged into the CC, and the associated receive IMs are plugged into the series-connected EU. Up to 6 send IMs can be plugged into the CC (of which up to 2 with 5-V transfer), and up to 1 receive IM can be plugged into the EUs. Each send IM has 2 interfaces for connecting one line each. Up to 4 EUs (without 5-V transfer) or 1 EU (with 5-V transfer) can be connected to each interface of a send IM.
  • Fixed slot for power supply modules: 
    Power supply modules must always be plugged in on the extreme left in the CC and EUs.
  • Restricted data exchange via C bus: 
    Data exchange via the C bus only between the CC and six EUs 
    (EU 1 to EU 6).
  • Central expansion: 
    To be recommended for smaller setups or control cabinets direct at the machine. The 5-V power can optionally also be supplied.
    • Max. distance between CC and the last EU of a line: 
      1.5 m with 5 V transfer, 3 m without 5-V transfer.
  • Distributed expansion with EUs: 
    To be recommended in plants covering a large area where several EUs are located at one location in each case. Up to S7-400 EUs or SIMATIC S5 EUs can be used.
    • Max. distance between CC and the last EU of a line: 
      100 m with S7 EU, 600 m with S5 EU.
  • Note For distributed connection of S5 expansion units to an S7-400: 
    The IM 463-2 can be used in the CC of the S7-400, and an IM 314 is used in the S5-EU. The following S5 EUs can be connected to an S7-400:
    • EG 183U
    • EG 185U
    • EG 186 U
    • ER 701-2
    • ER 701-3
  • Distributed expansion with EU 200: 
    To be recommended for plants covering extremely large areas. A line with up to 125 bus nodes can be connected via the PROFIBUS DP interface of a CPU. Maximum distance between the CC and last node on the line: 23 km (with fiber optic cable).

Connection type

Maximum (total) cable length

Local link with 5-V transfer via IM 460-1 and IM 461-1

1.5 m

Local link without 5-V transfer via IM 460-0 and IM 461-0

5 m

Remote link via IM 460-3 and IM 461-3

102.25 m

Remote link via IM 460-4 and IM 461-4

605 m


The SIMATIC S7-400 has different communication options:

  • Combined multipoint interface and DP master, integrated into all CPUs: 
    For the simultaneous connection of PGs/PCs, HMI systems, S7-200 and S7-300 systems and other S7-400 systems.
  • Additional PROFIBUS DP interface, integrated into several CPUs for cost-effective connection of distributed I/O systems (e.g. ET 200).
  • Integral PROFINET interface on PROFINET CPUs for connections to distributed I/O systems, or communication with other controllers and PC systems.
  • Communications processors for connecting to the bus systems PROFIBUS und Industrial Ethernet.
  • Communications processors for the powerful point-to-point connections.

Process communication via PROFIBUS DP

The SIMATIC S7-400 can be connected as master with PROFIBUS DP via the integral PROFIBUS DP interface of the S7-400-CPU (optional).

The following can be connected as masters on PROFIBUS DP:

  • SIMATIC S7-400 (CPUs, CP 443-5)
  • SIMATIC S7-300 (CPUs, CP 342-5 DP or CP 343-5)
  • SIMATIC C7 (via C7 with PROFIBUS DP interface or PROFIBUS DP CPs)
  • SIMATIC S5-115U/H, S5-135U and S5-155U/H with IM 308
  • S5-95U with PROFIBUS DP interface
  • SIMATIC 505 with PROFIBUS DP interface

Although PG/PCs with STEP 7 or OPs are masters on the bus, they only use the PG and OP functions that also run in part via PROFIBUS DP.

The following can be connected as slaves:

  • Distributed I/O devices, e.g. ET 200
  • Field devices
  • SIMATIC S7-200, S7-300
  • C7-633/P DP, C7-633 DP, C7-634/P DP, C7-634 DP, C7-626 DP
  • SIMATIC S7-400 (via CP 443-5 only)

Data communication via multipoint interface (MPI)

The multipoint interface (MPI) is a communication interface integrated into the CPUs of the SIMATIC S7-400.

It is used for

  • Programming and parameterizing,
  • Human machine interfacing, and
  • Establishing simple network topologies involving equal communication partners
  • Variable connection options: 
    The MPI enables simultaneous connection of up to 32 nodes:
    • PGs/PCs
    • HMI systems
    • S7-200 (as slave)
    • S7-300
    • S7-400
    • C7
  • Internal communications bus (C bus);
    communications processors and function modules with C bus connection can be addressed via the MPI or DP interface of the CPU via the C bus of the S7-400. This enables direct access from the PG to the modules connected on the C bus. The C bus can be transferred to up to 6 expansion units via interface modules.
  • Performance data of the MPI:
    • Up to 32 MPI nodes
    • Data transfer rate up to 12 Mbit/s
  • Flexible mounting options: 
    Field-proven components are used to establish MPI communication: Bus cable, bus connector and RS 485 repeater (12 Mbit/s) from the PROFIBUS and "distributed I/O" range.
    They enable optimal adaptation of the design to the requirements. For example, up to 9 repeaters can be switched in series to bridge larger distances between any two MPI nodes.
  • DP master: 
    The MPI of the S7-400 can also be configured as a DP master. Up to 32 DP slaves up to max. 12 Mbit/s can then be connected. The programming function and the human machine interface function are then retained

Data communication via CP (point-to-point)

Powerful point-to-point connections can be implemented via the CP 441 communications processors.

  • Diverse connection options: The following can be connected for example:
    • PCs
    • SIMATIC S5/S7
    • Industrial PCs
    • PLCs from other manufacturers
    • Scanners, barcode readers, identification systems
    • Robot controls
    • Printers
  • Variable interfaces: 
    Replaceable interface modules enable communication using different transmission media:
    • 20 mA (TTY)
    • RS 232C (V.24)
    • RS 422/485

Data communication via CP (PROFIBUS or Industrial Ethernet)

The SIMATIC S7-400 can be connected to the PROFIBUS and Industrial Ethernet bus systems via the CP 443-x communications processors.

The following can be connected for example:

  • SIMATIC S7-200 (via PROFIBUS)
  • SIMATIC S7-300
  • SIMATIC S7-400
  • SIMATIC S5-115U/H, S5-135U, S5-155U/H
  • Programming devices
  • Personal computers
  • SIMATIC HMI human machine interface systems
  • Numerical controllers
  • Robot controls
  • Industrial PCs
  • Drive controls
  • Devices of other manufacturers


The SIMATIC S7-400H consists of the following components:

  • 2 central controllers: 
    Either 2 separate UR1/UR2 central controllers or 2 areas on one divided central controller (UR2-H).
  • 2 sync modules per central controller for linking both devices via fiber optic cable.
  • 1 CPU 412-3H, 1 CPU 414-4H or 1 CPU 417-4H per central controller.
  • S7-400 I/O modules in the central controllers.
  • UR1/UR2/ER1/ER2 expansion units and/or ET 200M distributed I/O devices with I/O modules.

Central functions are always redundant in design.

I/O can be configured with normal availability and switched.

Normally available I/O (one-sided configuration)

In a one-sided configuration, I/O modules are single-channel in design and are addressed by only one of the two central controllers. One-sided I/O modules can be plugged into

  • one central controller and/or
  • expansion units/distributed I/O devices


Information read in on one side is always available to both central controllers provided the device addressing the I/O is working correctly. In the event of a fault, the I/O modules of the affected central controller are out of service.

One-sided configuration is used:

  • For plant sections that do not require increased availability.
  • for connecting user-program-based, redundant I/O. The system has to be set up symmetrically here.
Increased availability (switched configuration)

In a switched configuration, I/O modules are single-channel in design but they are addressed via a redundant PROFIBUS DP by both central controllers. Switched I/O modules can only be plugged into

  • an ET 200M distributed I/O device


Connection to the central controllers is made via PROFIBUS DP. The switched ET 200Ms are connected to both subunits here.

Redundancy of the I/O

The redundancy of the I/O is supported from operating system version 3.1.

Redundant I/O modules are configured redundantly in pairs. The use of redundant I/O offers maximum availability because in this way, the failure of a CPU, a PROFIBUS or a signal module is tolerated.

Configuration options

The following configurations are possible:

  • Redundant I/O in single-sided DP slaves
  • Redundant I/O in switched DP slaves

Suitable I/O modules

The mutually redundant modules must be of the same type and design (e.g. both centralized or both distributed). The slots are not stipulated. However, use in different stations is recommended for availability reasons. Please refer to Customer Support or the manual to see which modules can be used.

Redundancy of the FMs and CPs

Function modules (FMs) and communications processors (CPs) can be used redundantly in two different configurations:

  • Switched redundant configuration: 
    The FMs/CPs can be connected in duplicate to separate ET 200Ms or one switched ET 200M.
  • Two-channel redundant configuration: 
    FMs/CPs can be plugged into both subunits or into expansion units connected to the subunits (see one-sided configuration).

The redundancy of the modules is achieved in different ways here:

  • Programming by the user: 
    On the function modules and the the SIMATIC CPs, the redundancy function can generally be programmed by the user. The active module is determined and a possible fault is detected to initiate a switchover. The required program corresponds to the program for a single CPU with redundant FM/CP:
  • Direct support from the operating system. 
    In the case of SIMATIC NET-CP 443-1, the operating system supports the redundancy direct. For additional details, see under Communication.


A fail-safe S7-400F/FH automation system can be configured differently according to requirements:

Single-channel, one-sided I/O for S7-400F

The plant requires a fail-safe controller. Fault tolerance is not required. The following are required:

  • 1 CPU 414-4H/417-4H with F-Runtime license.
  • 1 PROFIBUS DP line.
  • ET 200M with IM 153-2.
  • Fail-safe signal modules in non-redundant design.

In the event of a fault, the I/O is no longer available. The fail-safe signal modules are passivated.

Single-channel, switched I/O for S7-400FH

The plant requires a fail-safe controller. Fault tolerance is required on the CPU side. The following are required:

  • 2 CPU 414-4H/417-4H with F-Runtime license.
  • 2 PROFIBUS DP lines.
  • 1 ET 200M with 2 IM 153-2 (redundant).
  • Fail-safe signal modules in non-redundant design.

If the CPU, IM 153-2 or PROFIBUS DP line fails, the controller remains available. In the case of failure of the fail-safe signal modules or the ET 200M, the I/O is no longer available. The fail-safe signal modules are passivated.

Redundant, switched I/O for S7-400FH

The plant requires a fail-safe controller. Fault tolerance is required on the CPU side and the I/O side. The following are required:

  • 2 CPU 414-4H/417-4H with F-Runtime license.
  • 2 PROFIBUS DP lines.
  • 2 ET 200M with 2 IM 153-2 (redundant).
  • Fail-safe signal modules in redundant design.

In the event of failure of the CPU, IM 153-2 or PROFIBUS DP line, fail-safe signal modules or ET 200M, the controller remains available.

Standard modules can also be used in the S7-400F/FH automation system. These must not be used together with fail-safe modules in one ET 200M.


Safety-related and standard communication between the central controller and the ET 200M takes place via PROFIBUS DP. The specially developed PROFIBUS profile PROFIsafe allows the transmission of user data associated with the safety function within the standard data telegram. Additional hardware components, e.g. special safety buses, are not required. The necessary software is either integrated into the hardware components as an expansion, or reloaded into the CPU as a certified software block.

Safety class with isolation module

Use of the isolation module in the ET 200M offers the following benefits:

  • PROFIBUS DP lines can be established with copper bus cable. The use of fiber optic cables is not necessary.
  • Every IM 153-x can be used.
  • Mixed operation of fail-safe signal modules in safety mode and S7-300 standard modules in one ET 200M is possible.

The isolation module is not required if safety class SIL 2 is to be achieved.



A host of features support users in programming, commissioning and servicing the S7-400:

  • High-speed instruction execution.
  • User-friendly parameter assignment
  • Human machine interfacing: 
    User-friendly OCM services are already integrated into the operating system of the S7-400.
  • Diagnostics functions and self-test: 
    The intelligent diagnostics system of the CPUs continuously checks the functional capability of the system and registers faults and specific system events.
  • Password protection.
  • Mode selector.
  • System functions.

The SIMATIC S7-400 complies with national and international standards:

  • CE mark
  • UL approval
  • CSA approval or cULus approval
  • FM approval
  • ATEX approval
  • C-Tick, EMC marking for Australia and New Zealand
  • IEC 61131-2
  • Marine approvals of the classification authorities
    • ABS (American Bureau of Shipping)
    • BV (Bureau Veritas)
    • DNV (Det Norske Veritas)
    • GL (Germanischer Lloyd)
    • LRS (Lloyds Register of shipping)
    • Class NK (Nippon Kaiji Kyokai)

For details, refer to Manual "S7-400 Automation System S7-400 Module Specifications".


An S7-400 system can be established with a modular design and simply, ignoring slot rules. The S7-400 is characterized by rugged operation without fans in which signal modules can be connected and disconnected under power.

Its simple design makes the S7-400 flexible and service-friendly:

  • Simple module mounting.
  • Backplane bus integrated into the mounting racks.
  • Simple module exchange with mechanical key coding.
  • Field-proven connections.
  • TOP Connect: 
    Pre-assembled wiring with 1-core to 3-core connections and screw-type or spring-loaded terminals.
  • Defined installation depth: 
    All connections and connectors are recessed into the modules and protected cover flaps.
  • No slot rules.

The CPUs and the communications processors support the following communication types:

  • Process communication;
    for cyclic addressing of I/O modules (exchange of the process image) via a bus (AS-Interface, PROFIBUS DP or PROFINET). Process communication is called up from the cyclic execution levels
  • Data communication;
    for data exchange between automation systems or between HMI stations 
    and several automation systems. Data communication takes place cyclically or it is called from the user program via blocks on an event-driven basis.

Data communication

The SIMATIC S7-400 has different data communication mechanisms:

  • Cyclic exchange of data packets between networked CPUs with global data communication (GD).
  • Event-driven communication with partners with the communication functions.

Networking can take place via MPI, PROFIBUS or PROFINET.

Global data (GD)

With the "Global data communication" service, networked CPUs can exchange data with each other cyclically via MPI (max. 16 GD packets, max. size of the GD packets 64 bytes per cycle). This allows, for example, one CPU to access the data/bit memories/process image of another CPU. If an S7-300 is networked, data exchange is restricted to a maximum of 22 bytes per packet. Global data communication can only take place via the MPI. Configuring takes place via the GD table in STEP 7. In the segmented CR2 mounting rack, two CPUs can communicate via the C bus using GD.

Communication functions

Communication services with S7/C7 partners can be established with system-integrated blocks.

The services are:

  • S7 basic communication via MPI and PROFIBUS.
  • S7 communication via MPI, C bus, PROFIBUS and PROFINET/Industrial Ethernet.

Communication services with S5 partners and non-Siemens devices can be established with reloadable blocks.

The services are:

  • S5-compatible communication via PROFIBUS and Industrial Ethernet.
  • Standard communication (non-Siemens systems) via PROFIBUS and Industrial Ethernet (Open User Communication over PROFINET/Industrial Ethernet).

In contrast to global data, communication connections must be set up for the communication functions.

Integration into the IT world

The S7-400 makes it possible to simply link the modern IT world with automation engineering. The following functions are possible via the plug-in CP 443-1 Advanced:

  • Creation of your own Web pages with any HTML tools. The process variables of the S7-400 are simply assigned to the HTML objects.
  • Monitoring of the S7-400 via these Web pages using a standard browser.
  • Sending of e-mails from the user program of the S7-400 by FC calls.
  • Remote programming by means of the WAN feature of the TCP/IP also via the telephone network (e.g. ISDN).

The S7-400 PROFINET CPUs have integral Web servers. Information can thus be read out of the S7-400 station using a standard Web browser:

  • General CPU information
  • Content of the diagnostics buffer
  • Variable table
  • Tag status
  • Module status
  • Messages
  • Information on Industrial Ethernet
  • Diagnostics of the OUC connections
  • Topology of the PROFINET nodes
  • Display of process data and user data via user-defined web pages

Security mechanisms are available within the Web server mechanisms with the possibility of using user rights and supporting the HTTPS protocol.

Isochronous mode

The system function isochronous mode enables synchronous coupling

  • of the distributed signal acquisition,
  • the signal transmission and
  • program execution

to the cycle of the isochronous PROFIBUS and PROFINET.

An automation solution is created that captures and processes the input signals and outputs output signals at constant intervals (constant bus cycle time). A consistent partial process image is created at the same time.

By means of constant bus cycle times and synchronous signal processing of the distributed I/O, the S7-400 ensures precisely reproducible and defined process response times.

An extensive range of components that support the isochronous mode system function is available for handling demanding tasks from the areas of motion control, measured value acquisition, high-speed controls, etc.

In distributed automation solutions, the SIMATIC S7-400 also opens up the important application area of high-speed processing operations and enables the achievement of maximum precision and reproducibility. This means increased production with optimal and constant quality.

Hardware configuration changes in RUN (Configuration in RUN, CiR)

With SIMATIC S7-400, hardware configuration changes can be made without reaction during operation of a plant. The following are possible for example:

  • Addition of nodes of the distributed I/O (PROFIBUS DP or PA slaves), and
  • Addition and reparameteriziation of modules in the ET 200M I/O system.

CiR – Configuration in RUN reduces commissioning and retooling times by enabling plant expansions and conversions during the operating phase. In addition, this system functionality allows flexible response to process changes (e.g. process optimization) since the plant does not have to be re-initialized or synchronized due to hardware configuration changes.

Diagnostics and process monitoring of modules

Many input/output modules of the SIMATIC S7-400 have intelligent abilities:

  • Monitoring of signal acquisition (diagnostics)
  • Monitoring of signals from the process (hardware interrupt)


An intelligent diagnostics system can be used to determine whether signal acquisition (in the case of digital modules) or analog processing (in the case of analog modules) of the module is functioning fault-free. In diagnostics analysis, a distinction must be made between parameterizable and non-parameterizable diagnostics messages:

  • Parameterizable diagnostics messages: 
    The diagnostics message is only sent if it has also been enabled by the appropriate parameterization.
  • Non-parameterizable diagnostics message: 
    These messages are sent as a matter of course, that is, independently of parameterization.

If a diagnostics message is active (e.g. "No sensor supply”), the module triggers a diagnostics interrupt (if the diagnostics message is parameterized, only after the appropriate parameterization). The CPU interrupts processing of the user program or low priority classes, and processes the relevant diagnostics interrupt block (OB 82). Process signals can be monitored via hardware interrupts and responses to changes in the signals can be triggered.

Different diagnostics messages are available depending on the module type:

Digital input/output modules


Diagnostics message

Possible fault cause

No sensor supply

  • Sensor supply overload
  • Short-circuit of the sensor supply to M

No external auxiliary voltage

  • No supply voltage L+ of the module

No internal auxiliary voltage

  • No supply voltage L+ of the module
  • Internal module fuse defective

Fuse blown

  • Internal module fuse defective

Incorrect parameters in module

  • Incorrect parameters transferred to module

Time monitoring addressed (watchdog)

  • Periodically high electromagnetic interference
  • Module defective

EPROM fault

  • Periodically high electromagnetic interference
  • Module defective

RAM fault

  • Periodically high electromagnetic interference
  • Module defective

Hardware interrupt lost

  • Hardware interrupts come faster than the CPU can process them

Analog input modules


Diagnostics message

Possible fault cause

No external load voltage

  • No load voltage L+ of the module

Configuring/parameterization errors

  • Incorrect parameters transferred to module

Common mode error

  • Difference in potential UCM between the inputs (M-) and reference potential of the measuring circuit (MANA) too high


  • Resistance of sensor circuit too high
  • Interruption of the line between the module and the sensor
  • Channel not switched (open)

Measuring range low limit violated

  • Input value lower than the underrange, fault possibly caused by
    • Measuring range 4 to 20 mA, 1 to 5 V: 
      Sensor connected with reverse polarity; 
      wrong measuring range selected
    • Other measuring ranges: 
      Wrong measuring range selected

Measuring range high limit violated

  • Input value exceeds overrange

Analog output modules


Diagnostics message

Possible fault cause

No external load voltage

  • No load voltage L+ of the module

Configuring/parameterization errors

  • Incorrect parameters transferred to module

Short-circuit to M

  • Output overload
  • Short-circuit of the output QV to MANA


  • Resistance of actuator too high
  • Interruption of the line between the module and the actuator
  • Channel not used (open)

Hardware interrupt

Process signals can be monitored via hardware interrupts and responses to changes in the signals can be triggered.

  • Digital input modules: 
    Depending on the parameterization, the module can trigger a hardware interrupt for each channel group optionally at a rising edge, a falling edge or at both edges of a signal status change. The CPU interrupts processing of the user program or low priority classes, and processes the relevant diagnostics interrupt block (OB 40). The signal module can buffer one interrupt per channel.
  • Analog input modules: 
    A working range is defined by parameterizing an high and low limit value. The module compares the digitized measured value with these limits. If the measured value violates one of these limits, a hardware interrupt is triggered. The CPU interrupts processing of the user program or low priority classes, and processes the relevant diagnostics interrupt block (OB 40). If the limits are above/below the overrange/underrange, no comparison is made.


Fault-tolerant communication

With fault-tolerant communication SIMATIC offers a new communication type with the following features:

  • Increased availability: 
    In the event of a fault, communication can be continued via up to 4 redundant connections. The necessary switchover is not visible to the user.
  • Simple operation;
    fault tolerance is invisible from the user's perspective. User programs for standard communication can be adopted without changes. The redundancy function is defined only at the parameterization stage.

Fault-tolerant communication is currently supported by the S7-400H (redundant and non-redundant configuration) and by PCs. On PCs, the Redconnect program package is required (see "SIMATIC NET communication systems").

Depending on availability requirements, different configuration options can be used:

  • Single or redundant bus.
  • Bus in linear or ring topology.
Mode of operation

The operating system of the CPU 417-4H, CPU 414-4H and CPU 412-3H executes all the necessary additional functions of the S7-400H autonomously:

  • Data exchange
  • Fault response (failover to standby device)
  • Synchronization of both subunits
  • Self-test

Redundancy principle

The S7-400H works according to the principle of active redundancy in "hot standby" mode (reaction-free automatic switchover in the event of a fault). According to this principle, both subunits are active during fault-free operation. In the event of a fault, the intact device assumes control of the process alone.

To guarantee this transfer bumplessly, fast and reliable data exchange via the central controller link is required.

In the course of the failover, the devices automatically retain

  • the same user program
  • the same data blocks
  • the same process image contents
  • the same internal data such as timers, counters, bit memories, etc.

This means both devices are always completely up-to-date and can continue control alone in the event of a fault.

For redundant operation of the I/O this results in the following:

  • During fault-free operation, both modules are active, that is, in the case of redundant inputs, for example, the shared sensor (two sensors are also possible) is read in via two modules, and the results are compared and made available to the user as a uniform value for further processing. In the case of redundant outputs, the value calculated by the user program is output by both modules.
  • In the event of a fault, e.g. the failure or one or both of the input modules, the defective module is not longer addressed, the fault is reported, and operation continues with the intact module only. Following the repair that can take place online, both modules are again addressed.


For reaction-free switchover, synchronization of both subunits is necessary.

The S7-400H works with "event-drive synchronization".

This involves a synchronization operation whenever events could result in different internal states in the two subunits, e.g. in the case of

  • Direct access to the I/O
  • Interrupts, alarms
  • Updating of the user times or
  • Modification of data by means of communication functions.

The synchronization takes place automatically by means of the operating system and can be ignored at the programming stage.


The S7-400H executes extensive self-tests. This involves testing the following:

  • Connection of the central controllers.
  • CPUs.
  • Processor/ASIC.
  • Memory.

Every detected fault is reported.

Self-test at startup

At startup, each subunit executes all self-test functions fully.

Self-test in cyclic operation

The complete self-test is spread over several cycles. A short section of the self-test is executed per cycle so that the load on the actual controller is insignificant.

Configuring, programming

The S7-400H is programmed like an S7-400. All the STEP 7 functions available there are used.

STEP 7 V5.2 is required for programming the S7-400H.

Configuring of I/O modules

When configuring the hardware, users must specify via HW Config which modules are mutually redundant. This only requires the specification of the modules to be operated in redundant mode and the second module that is to be the "redundancy partner". In the user program, the module with the lowest address is to be accessed. The second address remains hidden from the user and programming of the control section with redundant and non-redundant I/O is identical. The only difference to non-redundant I/O are two FBs (RED_IN and RED_OUT) from the block library that are to be called at the start and at the end of the user program.

The library is integrated into STEP 7 as standard from STEP 7 V5.3.


The S7-400F/FH meets the following safety requirements:

  • Requirement class AK 1 to AK 6 in accordance with DIN V 19250/DIN V VDE 0801.
  • Safety requirement class SIL 1 to SIL 3 in accordance with IEC 61508.
  • Category 1 to 4 in accordance with EN 954-1.
Mode of operation

The safety functions of the S7-400F/FH are contained in the F program of the CPU and in the fail-safe signal modules.

The signal modules monitor output and input signals by means of discrepancy analyses and test signal injections.

The CPU checks the proper operation of the controller with regular self-tests, command tests, and logical and chronological program execution checks. In addition, the I/O is checked by means of sign-of-life requests.

If a fault is diagnosed in the system, the system is brought to a safe state.

F-Runtime license

The F-Runtime license must be loaded onto the CPU 417-4H to operate the S7-400F/FH. One license is required for each S7-400F/FH.


The S7-400F/FH is programmed in the same way as the other SIMATIC S7 systems. The user program for non-fail-safe plant sections is created with the field-proven programming tools, e.g. STEP 7.

S7 F Systems option package

The option package "S7 F Systems" is required for programming the safety-related program sections. The package contains all the necessary functions and blocks for creating the F program. The following software packages must be loaded onto the PG/PC for S7 F Systems to run:

  • STEP 7 from V5.1
  • CFC from V5.23
  • S7-SCL from V5.1 SP 1
  • S7 H Systems V5.1 (optionally for S7-400FH)

For the F program with the safety functions, special function blocks from the F library are called up with CFC and interconnected. The use of CFC simplifies the configuring and programming of the plant and, thanks to plant-wide, uniform representation, also the acceptance test. Programmers can concentrate fully on the safety-related application without having to use additional tools.

Technical specifications

General technical data

Degree of protection


Ambient temperature

0 to 60 °C

Relative humidity

5 to 95%, no condensation

Atmospheric pressure

1080 to 795 hPa (corresponds to an altitude of -1000 m to +2,000 m)

Electromagnetic compatibility

  • Interference immunity

According to EN 61000-6-2

  • Emitted interference

According to EN 61000-6-4

Mechanical load

  • Vibration, test according to / tested with

IEC 60068-2-6 (sine)

10 to 58 Hz; constant amplitude 0.075 mm;
58 to 500 Hz; constant acceleration 1 g; duration of oscillation: 10 frequency sweeps per axis in each direction of the three mutually perpendicular axes

  • Shock, test according to / tested with

IEC 60068-2-27
Type of shock: Half-sine;
strength of the shock 10 g (peak value), duration 6 ms
direction of shock: 100 shocks in each of the 3 mutually perpendicular axes.

More information


Information material for downloading can be found in the Internet:

آرین پارس | درباره ما | دریافت کاتالوگ | تماس با ما | تهران - خیابان شهید بهشتی - خیابان کاووسی فر- کوجه آریا وطنی - پلاک 5 واحد چهارم شرقی
تلفن : 88544290 88544291