Fernando Castro
-
Posts
264 -
Joined
-
Last visited
-
Days Won
24
Content Type
Profiles
Forums
Gallery
Events
Blogs
Downloads
Articles
Media Demo
Posts posted by Fernando Castro
-
-
On 1/23/2024 at 8:55 PM, mont222 said:
At the same time, many other controllers integrated into SCADA via Modbus successfully connect to both servers, only Unitronics v570 connects to the one that polls first.
Don't waste your time asking for a decent Modbus TCP implementation.
Vision series are cheap PLCs with incredible versatility. I already tried every possible workaround regarding Modbus TCP communication. And you are right, other controllers do that kind of stuff better.
Modbus TCP in the unitronics vision series is Intended to communicate 1 device to 1 PLC at a time per socket.
There are workarounds but you need either use UDP. Or somehow manage some type of disconnect/reconnect sequence which at the very best will be finicky.
It is what it is. On my previous job I inherited abig ammount of systems built on unitronics platform and Invested a lot of time figuring out how to upgrade the systems whitout replacing the PLCs.
-
🙄 On Industrial automation world, the first resource should be ask to the Original Equipment Manufacuter.
99% of the time you won't have access to the source code. Unless specified by the customer, no vendor provides a project file you can edit.
And, assuming you have access to it, pretty much every single controls brand has proper documentation in the help file.
I am truly surprised how often this happens.
-
18 minutes ago, Nomad said:
I want to ask one more question in this topic. How can I back up the project from the controller? I don’t want to upload it with editing purposes, I need to have it, if something happened to the hardware. Is it possible to use SD card or other way to get in (in compile form for example)? I need to have in case of controller problem and be able to load it in new PLC.
Only possible if the original programmer enabled that option.
-
On 11/30/2023 at 10:49 AM, swb311 said:
¿Algún programador de unitronics en jalisco/guadalajara? Necesito varios programadores para empleo a tiempo completo. Las habilidades de desarrollo web completo también serían útiles.
Any Unitronics Vision programmers in Guadalajara or greater Jalisco MX area?
I would like to find 2-3 devs for a permanent full time position, web dev experience and English skills are a plus.
Aun que no estoy en Guadalajara ( Viví ahi un tiempo) podria asistir de manera remota si alguna vez tienes la necesidad. Tengo bastante experiencia con la serie vision, y se un par de cosas de desarollo web.
Saludos!
-
On 11/27/2023 at 10:27 AM, Flex727 said:
@Cara Bereck Levy, I don't see anything in the Help file that indicates exactly what special characters are allowed or disallowed for the PLC Name. Since this is essentially the password for remote communications, could we get this spelled out so that we can take the appropriate action to secure PLCs in the field?
Thanks.
I see that I am joining late. but I think you could bypass the name with the PCOM protocol.
Since I no longer work with Unitronics I don't have access to the old software that I developed with PCOM dll but I am 99% sure it can be bypassed
Edit: yes, you don't even need to know the name, and in fact you can retrieve the PLC name using this method.
Once you get the PLC name then you can do a new blank download.
-
On 11/27/2023 at 5:16 AM, stembera said:
Hello Pendalar, I have exactly the same incident on V570. Probably there is a security flaw in PCOM protocol, vulnerable if PLC is contacted via internet. I am planning to change all PLCs names, change number of service ports and hide PLCs behind the VPN. I will have a meeting with security expert today evening so I hope I will get more informations.
Please keep us informed about the situation development, if possible. Also, in case of need, feel free to contact me directly.
Using PCOM protocol you only need the IP, and it is easy to get once you are in the network
-
https://www.npr.org/2023/12/02/1216735250/iran-linked-cyberattacks-israeli-equipment-water-plants
I just saw this post and it caught my attention... to be honest, targeting unitronics vision series It could be way too easy.
If i recall correctly, once you are in the same network, unitronics communication drive dll doesn't even need the PLC name to connect to the PLC. And the default port 20256 and 20257 are very well known... assuming the dll allows retrive the PLC name, its easy to download a new blank program to the PLC.
The IP is easier tho get if you are already in the network, Is as simple as using an ARP cmd command to scann all the devices and test for 20257, 20256 or 502 ports open... or I am sure that you can tell just just by the MAC addres.
My suggestion is to add a firewall rule for external incoming connections through those ports if you network is exposed to the internet.
Anyway stay safe.
-
Also always test your modbus communication with something like modbuss poll or modbus master simulator radzio it is free an you just install it on the computer, the modbus configuration is intuitive, and you will be able to test if the issue is on modbus py or on the PLC side.
-
11 hours ago, tasanen said:
Hi Joe,
Here is the requested image from the start of the program. We do have Modbus also in the port 502 and response from that port is identical to the one in 20257. I have been requested to use port 20257, although I don't think it matters too much which one I use. I have help from our side for building the program, but I do not have help for Modbus or pymodbus.
-Tasanen
First of all this rung is awful. No offense to you but visilogic is not a FBD programming, is ladder logic with some function blocks, Visilogic is kind of old and I wouldn't try to push everything on a single rung
Which memory addres are you trying to read from the PLC? To make sure you are doing the correct math for the client modbus addresing.
-
I had one or two corrupted SD cards per month among my 180 PLCs.
SanDisk 16 Gb from Amazon, and I don't even wrote to often, It was used more like a read only memory for managing recipes.
Also the 64 file limit is kind of mysterious, you can store more than 64 but won't be written into the SD card, if you have 64, then record another 10 files, the most 10 recent files will appear on the SD card only if you delete other 10 or more files in the SD Card, where are those other files stores, who nows 🤷♂️, what is the actual limit in that phantom storage its also a mystery.
-
@Ivgeny is this possible with vision series or not?
-
Define how fast is fast.
And I was actually looking for the exact same solution. Best option so far is to use UDP, if your sensors allows it.
-
On 10/10/2023 at 1:09 AM, Ivgeny said:
Hi Fernando,
Please explain your task clearly, I will try to provide you with the right answers.
It's a straightforward application: Use a Unitronics Vision PLC as Modbus TCP/IP Master, communicating with many slave devices at the same time (let's say minimum 2 maximum 4) with low latency, using only one single socket (All other sockets are being used for different applications).
One of the Modbus slaves was supposed to control a process variable linked to the output of a PID loop in the PLC.
BTW, at this point for me, it's only out of my curiosity, the company I worked for has filed for bankruptcy and I was laid off, so I cannot test anything, well... I guess I could (assuming I have some remote connection to the facility still enabled and all my test equipment is still on 😏) but of course that will be illegal. 😅 -
3 hours ago, Ausman said:
I've just asked support to get in on this topic as I think it is important.
As well, re the above, is this info below the above screenshots relevant? .........To me , it is.......
As I don't use Modbus IP at all, my knowledge is limited. But am following this topic with interest.
cheers, Aus
I believe that that is to add the slaves to the protocol, and it means that you can't select a device which IP has not been added to the configuration FB first?
I can communicate without problems, but using the same socket for many devices requires closing the connection and connecting to the other IP before sending/receiving.
-
12 hours ago, kratmel said:
I searched the help a bit and found this (see the red box). Just what does that mean???
I also read that, and I also got confused about it.... however, I just tried and couldn't make it work.
It's even more confusing because it seems that for Modbus TCP/IP a socket connection must be stablished first ..maybe the broadcasting function works on UDP only?
but again... maybe I am doing something wrong, It is a shame that there is no example using Unitronics as a master to multiple slaves.
-
3 hours ago, kratmel said:
I think you have seen this topic
Maybe changing the protocol is more effective than disconnection - connection. But this is again just a hypothesis.
Seems that It Isn't. changing SB147 to 0 stops the communication but I need to re initialize the socket then to connect to Modbus TCP slaves again.
-
I did some tests, and yeah, It's the same on V570 as V700.
14 hours ago, kratmel said:That is, an already open Socket should simply change the address without closing it. This is just a hypothesis, but if the IP address was only static here, I would understand the need for a constant switching process.
The Issue is not the Socket being Open, is that you need to connect the socket to a specific IP first to use Modbus OverTCP/IP.
If you connect to a Device 1, then use Modbus IP function for Device 1, then you try to use another Modbus Function to Device 2 (Using the stored IP for Device 2 on the MI and selecting the correct device) then the PLC still sends the Modbus requests to Device 1. I know that because I get a response status of 7.
* Messages 6, 7, and 11mean that the master has found incompatible elements in the data sent between master and slave.
which makes sense because those requests don't make sense for Device 1.
And based on my tests, to use connect function you should be disconnected first. already tried using connect without disconnecting first.
-
2
-
-
2 hours ago, kratmel said:
Unfortunately, I did not have the opportunity to experiment with the sockets in the V570, but I think that the ability to set the address of the slave device not by a constant but by MI in the Socket should allow changing the interlocutor on the fly.
That is, an already open Socket should simply change the address without closing it. This is just a hypothesis, but if the IP address was only static here, I would understand the need for a constant switching process.
I suspect that the 0.5s delay that Joe once described should be enough for the switching process to complete.
Only an experiment can show whether such switching is possible in principle.
Because in my opinion, as Fernando says, the idea of an Industrial Network loses its meaning for TCP.
That is how I tried the very first time on the V700, and never made it work maybe I was missing something. ... I ended ussing another socket and later one I came out with the Connection/Disconnection method but the connection part is not as fast as one could Imagine, some times it gets out of sync (I have a sequence to detect enabled devices and poll one by one and if one fails to respond on a given time it restarts the entire connection), sure I can reconnect again but 2 to 3 secconds whitout a new value Is not going to make it for a PID Loop.
-
3 hours ago, Ausman said:
Fernando, any chance in your systems of wiring up UniCan? You could possibly get simpler and better performance by using UniCan for simple fast comms b/n all your 570s and 700s, and then localised serial which your slaves may be able to do.
cheers, Aus
In this case No. All the PLCs as slaves to a Modbus Master works great (also V700 doesnt has CAN card ) and Ethernet Is easier because the physically network already exists.
And for the PLC as Modbus Master the Modbus slaves are third party devices that only support ModbusTCP (Also I am already using serial port for other device)
-
On 8/25/2023 at 10:58 AM, Gabriel Franco said:
First of all, not all devices accept UPD.
Initialize Ethernet, Modbus and socket as usual.
There is not need to connect/disconnect to/from each slave.
As you mentioned, just select a slave index and use Modbus FB to poll trhough all slaves.
It may be necessary to add a little delay between devices (in my experience, minimum 100 ms), because of the fact of not having all datagram control present in TCP. However, this delay compared with connect/disconnect times makes UDP by far better than TCP in the overall performance.
following up on this... unfortunately for me, it seems that the 2 devices that I use as slaves doesn't support UDP.
So, I am stuck with my "Connection/Disconnection" routine....
I have a new challenge that I don't know how to solve. I need to implement a PID Loop which its Output will be linked to one of those MODBUS Slaves. the reconnection time of course will be a problem.
I have 570 and V700 and I am trying so hard to maintain the same software for both so Stuck with 4 sockets (1 for data collection as Modbus Slave, 1 for remote operator, 1 software Download/Online view/SD file transfers and 1 for Modbus Master)
I can't believe that the way Modbus master was implemented only allows you to talk to 1 slave in my opinion that defeats the purpose of an Industrial Network.
Any other tricks under the Sleeve?
-
whatever SCADA software you want.... the more appropriated question is what SCADA software your client can afford?
If your client only needs visualization, it may not need to be necessarily a SCADA software. I implemented a visualization system using this stack: Grafana, Influx DB, Telegraf
to monitor an entire facility. Everything open sourced.
-
I just started playing around PID with Unitronics and also, I cannot test the program on the actual process yet.
Having said that to test the logic what I did was a custom sub routine that will simulate an input based on the output, of course this will never maintain a setpoint but at least I can see the PID in action trying to maintain the given set point and test the logic for enabling/disabling the PID and starting the autotune.
The program is as follows. I linearized a the PID output to a series of increments from -50 to 200 then each second, I add the increment value to the input and just with that you can see some oscillations.
-
On 9/22/2023 at 3:47 PM, Joe Tauser said:
2. As Fernando pointed out, your net ID should be 255.
It wasn't me but yeah ID matters for some vendors, although over TCP/IP slave addressing is based on IP and it should be irrelevant.
-
6 hours ago, Milos said:
Thank you Fernando.
I will check with socket connection. Regarding adressing, Vision 280 should be basic model so adressess listed in manual should be Decimal, for advanced is Hex. Anyway I will try.
Thank you one more time.
I think you are correct. Also i found another manual online that says ML statrs on 5100, you could try 5112 and see if that works
Serial command
in Vision & Samba PLC + HMI Controllers & VisiLogic Software
Posted
I did my own version of software to download files from n number of PLCS in the network over ethernet using the documentation @Saragani gave... there is a nice set of tools for developers but documentation is not as good and easy to understand as I would wanted.
@lorenso unlucky for you I no longer have acces to that program... and I don't have hardware to even try to re do something.