SourceForge Logo

Siemens S5 family driver

This is pre-alpha code and information. You assume all responsibility for its use.

DANGER: DON'T connect to a PLC unless you are certain it is safe to do so!!! It is assumed that you are experienced in PLC programming/troubleshooting and that you know EXACTLY what you are doing. PLC's are used to control industrial processes, motors, steam valves, hydraulic presses, etc. You are ABSOLUTELY RESPONSIBLE for ensuring that NO-ONE is in danger of being injured or killed because you affected the operation of a running PLC.
Also expect that buggy drivers could write data even when you expect that they will read only !!!

This driver talks Siemens AS511 protocol. Details of this protocol can be found on
Because the programmer interface of the PLC uses a TTY (20mA current loop), you need a converter. Converters are comercially available from several manufacturers. If you want to build your own there is a wiring diagram
The driver can read and write the following data types:
The ability to read/write timers and counters could easily be added, but I didn't find that much useful. Most other software I came across could not directly access flags and input output states, but it's very convenient because you don't have to copy everything to DBs first. On the other hand, using interface DBs may make you application code cleaner.


Be carefull when writing single bits! The underlying protocol writes a whole byte at a time. To achieve bit writing, the byte is fetched first, then the bit is set or reset and the byte is written back. Because the data exchage is in no way synchronized with the PLC's execution cycle, the PLC might have se reset other bits in the same byte in the meantime. Writing back the byte will undo these changes, producig strange effects. In other words: Bit writing is ok long as your PLC program uses all bits in this byte READ ONLY.

opening object tagobject properties
object typeCommentsheetFirst address Last address Direction DB number First cell Condition Closing object tag
<TRANSFERINST> 'This reads MW0..MW10 to D3.. if C3 is<>0' 3 0 10 0 -1 'D3' 'B1' </TRANSFERINST>
<TRANSFERINST> 'This writes from C3.. to MW0..MW10 to D3 if B1 is<>0' 3 0 10 1 -1 'C3' 'B1' </TRANSFERINST>
ParameterPossible valuesMeaning
CommentAnything you wantUse it to remeber the purpose of the line
Sheet1..last sheetNumber of spreadsheet used
First addressPLC address rangeStart address in PLC
Last addressPLC address rangeEnd address in PLC
Direction0 or 10 means read,1 means write
DB number0..255Data block with this number
-1Words from flag memory
-2Bytes from flag memory
-3Bits from flag memory
-4Words from outputs memory image
-5Bytes from outputs memory image
-6Bits from outputs memory image
-7Words from inputs memory image
-8Bytes from inputs memory image
-9Bits from inputs memory image
First cellA1..NTP10000First cell cooresponding to first address. Next data elements go to or are taken from cosecutive rows.
ConditionA1..NTP10000A cell which must have numerical contents non zero in order to execute the transfer.

All PLC drivers use blocks of data. The first and last element in PLC memory are used to specify a block. For the corresponding area in the spreadsheet, the first cell coordinate is specified. Further data elements are copied to or taken from consecutive row of the same column.


Currently, the driver does not understand Siemens notation for bits of form F7.2. It expects a single number which, in this case is 7*8+2=58.

Adressing quirk hint:

Strangely, Siemens counts DB words as 16 bit words. In flags(and input/output image), they count bytes. So FW 0 means 'the word containing bytes 0 and 1', while FW 1 means 'the word containing bytes 1 and 2'. The driver follows these conventions. If you use a DB, words 0..4, this is a five word block. If you use FW 0..4,it is a three words block, namely FW0,FW2,FW4.

Speed hint:

For Data Blocks (DB) the driver transfers data for each instruction. If you use for example Words 1 to 5 of DB 3 and words 8 to 10 of the same DB 3, it is faster to read words 1 to 10 as one block and just do nothing with words 6 and 7.