Siemens SCALANCE M804PB User manual
SIMATIC NET
Industrial Remote Communication
Remote Networks
SCALANCE M804PB
Operating Instructions
11/2023
C79000-G8976-C496-04
Preface
Safety notices 1
Security recommendations 2
Description of the device 3
Installation and removal 4
Connecting up 5
Maintenance and cleaning 6
Technical specications 7
Dimension drawing 8
Approvals 9
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent
damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert
symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are
graded according to the degree of danger.
DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION
indicates that minor personal injury can result if proper precautions are not taken.
NOTICE
indicates that property damage can result if proper precautions are not taken.
If more than one degree of danger is present, the warning notice representing the highest degree of danger will
be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to
property damage.
Qualied Personnel
The product/system described in this documentation may be operated only by personnel qualied for the specic
task in accordance with the relevant documentation, in particular its warning notices and safety instructions.
Qualied personnel are those who, based on their training and experience, are capable of identifying risks and
avoiding potential hazards when working with these products/systems.
Proper use of Siemens products
Note the following:
WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant technical
documentation. If products and components from other manufacturers are used, these must be recommended or
approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance
are required to ensure that the products operate safely and without any problems. The permissible ambient
conditions must be complied with. The information in the relevant documentation must be observed.
Trademarks
All names identied by ® are registered trademarks of SiemensAktiengesellschaft. The remaining trademarks in
this publication may be trademarks whose use by third parties for their own purposes could violate the rights of
the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software
described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the
information in this publication is reviewed regularly and any necessary corrections are included in subsequent
editions.
Siemens Aktiengesellschaft
Digital Industries
Postfach 48 48
90026 NÜRNBERG
GERMANY
C79000-G8976-C496-04
Ⓟ 11/2023 Subject to change
Copyright © Siemens 2018 - 2023.
All rights reserved
Preface
Scope of validity of the operating instructions
These operating instructions are valid for SCALANCE M804PB.
Purpose of the operating instructions
Using the operating instructions, you will be able to install and connect the SCALANCE M804PB
correctly. The conguration and the integration of the device in a network are not described in
these instructions.
Naming of the devices
Classication Description Terms used
Product line For all devices and variants of all product groups
within the SCALANCE M-800 product line, the
term M-800 is used.
M-800
Device For a device, only the device name is used. M804PB
Article number
Product Description Article number
SCALANCE M804PB IE router, 2x RJ45 ports, 1x PROFIBUS / MPI 6GK5804-0AP00-2AA2
You will nd the article numbers for the Siemens products of relevance here in the following
catalogs:
• SIMATIC NET Industrial Communication / Industrial Identication, catalog IKPI
• SIMATIC Products for Totally Integrated Automation and Micro Automation, catalog ST70
• Industry Mall - catalog and ordering system for automation and drive technology, Online
catalog (https://mall.industry.siemens.com)
You can request the catalogs and additional information from your Siemens representative.
Documentation on the Internet
You can nd the current version of the document on the Internet at. (https://
support.industry.siemens.com/cs/ww/en/ps/25380/man)
Enter the name or article number of the product in the search lter.
SCALANCE M804PB
Operating Instructions, 11/2023, C79000-G8976-C496-04 3
Documentation on conguration
You will nd detailed information on conguring the devices in the following conguration
manuals:
• SCALANCE M-800 Web Based Management
• SCALANCE M-800 Command Line Interface
Note
Make sure that you read the explanations and instructions in the readme.htm le.
Further documentation
• System manual "Industrial Ethernet"
The system manual contains information on other SIMATIC NET products that you can
operate along with the devices of this product line in an Industrial Ethernet network.
There, you will nd among other things optical performance data of the communications
partner that you require for the installation.
The "SIMATIC NET Industrial Ethernet" system manual can be found on the Internet pages of
Siemens Industry Online Support under the following entry ID: 27069465 (https://
support.industry.siemens.com/cs/ww/en/view/27069465)
• "Passive network components" system manual
This system manual contains installation instructions for several of the most common
components and guidelines for setting up networked automation plants in buildings.
The "Passive network components" system manual can be found on the Internet pages of
Siemens Industry Online Support under the following entry ID: 84922825 (https://
support.industry.siemens.com/cs/ww/en/view/84922825)
SIMATIC NET manuals
You will nd SIMATIC NET manuals on the Internet pages of Siemens Industry Online Support:
• using the search function:
Link to Siemens Industry Online Support (https://support.industry.siemens.com/cs/ww/en/)
Enter the entry ID of the relevant manual as the search item.
• In the navigation panel on the left hand side in the area "Industrial Communication":
Link to the area "Industrial Communication" (https://
support.industry.siemens.com/cs/ww/en/ps/15982/man)
Go to the required product group and make the following settings:
tab "Entry list", Entry type "Manuals"
You will nd the documentation for the SIMATIC NET products relevant here on the data
medium that ships with some products:
• Product CD / product DVD
• SIMATIC NET Manual Collection
Preface
SCALANCE M804PB
4Operating Instructions, 11/2023, C79000-G8976-C496-04
Cybersecurity notes
Siemens provides products and solutions with industrial cybersecurity functions that support
the secure operation of plants, systems, machines and networks.
In order to protect plants, systems, machines and networks against cyber threats, it is
necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial
cybersecurity concept. Siemens’ products and solutions constitute one element of such a
concept.
Customers are responsible for preventing unauthorized access to their plants, systems,
machines and networks. Such systems, machines and components should only be connected
to an enterprise network or the internet if and to the extent such a connection is necessary
and only when appropriate security measures (e.g. rewalls and/or network segmentation)
are in place.
For additional information on industrial cybersecurity measures that may be implemented,
please visit
https://www.siemens.com/global/en/products/automation/topic-areas/industrial-
cybersecurity.html (https://www.siemens.com/global/en/products/automation/topic-areas/
industrial-cybersecurity.html).
Siemens’ products and solutions undergo continuous development to make them more
secure. Siemens strongly recommends that product updates are applied as soon as they are
available and that the latest product versions are used. Use of product versions that are no
longer supported, and failure to apply the latest updates may increase customer’s exposure
to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial Cybersecurity
RSS Feed under
https://new.siemens.com/global/en/products/services/cert.html (https://new.siemens.com/
global/en/products/services/cert.html).
Firmware
The rmware is signed and encrypted. This ensures that only rmware created by Siemens can
be downloaded to the device.
The rmware is available on the Internet pages of the Siemens Industry Online Support: (https://
support.industry.siemens.com/cs/ww/en/ps/15982/dl)
Note on rmware/software support
Check regularly for new rmware/software versions or security updates and apply them. After
the release of a new version, previous versions are no longer supported and are not maintained.
Decommissioning
Shut down the device properly to prevent unauthorized persons from accessing condential
data in the device memory.
To do this, restore the factory settings on the device.
Also restore the factory settings on the storage medium.
Preface
SCALANCE M804PB
Operating Instructions, 11/2023, C79000-G8976-C496-04 5
Recycling and disposal
The products are low in pollutants, can be recycled and meet the requirements of the WEEE
directive 2012/19/EU for the disposal of electrical and electronic equipment.
Do not dispose of the products at public disposal sites.
For environmentally friendly recycling and the disposal of your old device contact a certied
disposal company for electronic scrap or your Siemens contact (Product return (https://
support.industry.siemens.com/cs/ww/en/view/109479891)).
Note the dierent national regulations.
Device defective
If a fault develops, send the device to your SIEMENS representative for repair. Repairs on-site are
not possible.
Trademarks
The following and possibly other names not identied by the registered trademark sign ® are
registered trademarks of Siemens AG:
SCALANCE, SINEMA, KEY-PLUG, C-PLUG
License conditions
Note
Open source software
Read the license conditions for open source software carefully before using the product.
You will nd license conditions in the following documents on the supplied data medium:
• OSS_Scalance-M-800-S615_86.pdf
SIMATIC NET glossary
The SIMATICNET glossary describes terms that may be used in this document.
You will nd the SIMATIC NET glossary in the Siemens Industry Online Support at the
following address:
50305045 (https://support.industry.siemens.com/cs/ww/en/view/50305045)
Preface
SCALANCE M804PB
6Operating Instructions, 11/2023, C79000-G8976-C496-04
Table of contents
Preface ................................................................................................................................................... 3
1 Safety notices ........................................................................................................................................ 9
2 Security recommendations.................................................................................................................. 11
2.1 Passwords.......................................................................................................................... 11
3 Description of the device..................................................................................................................... 19
3.1 Product characteristics ....................................................................................................... 19
3.2 Device view ....................................................................................................................... 20
3.3 Scope of delivery ............................................................................................................... 20
3.4 Accessories........................................................................................................................ 21
3.4.1 Installation ........................................................................................................................ 21
3.4.2 PLUG ................................................................................................................................. 22
3.5 Terminals........................................................................................................................... 22
3.6 LED display ........................................................................................................................ 24
3.7 SET button......................................................................................................................... 26
3.8 PLUG ................................................................................................................................. 27
4 Installation and removal...................................................................................................................... 31
4.1 Safety notices for installation ............................................................................................. 31
4.2 Securing the housing......................................................................................................... 34
4.3 Wall mounting ................................................................................................................... 35
4.4 Installing on the DIN rail..................................................................................................... 36
4.5 Installing on the S7-300 standard rail ................................................................................. 37
4.6 Installing on the S7-1500 standard rail ............................................................................... 38
4.7 Mounting on a pedestal ..................................................................................................... 39
5 Connecting up ..................................................................................................................................... 41
5.1 Safety when connecting up................................................................................................ 41
5.2 Power supply ..................................................................................................................... 45
5.3 Grounding ......................................................................................................................... 46
5.4 Digital input/output ........................................................................................................... 47
5.5 Ethernet ............................................................................................................................ 50
5.6 MPI/DP interface ................................................................................................................ 51
5.7 Replacing the PLUG............................................................................................................ 52
SCALANCE M804PB
Operating Instructions, 11/2023, C79000-G8976-C496-04 7
6 Maintenance and cleaning .................................................................................................................. 55
7 Technical specications ....................................................................................................................... 57
8 Dimension drawing.............................................................................................................................. 61
9 Approvals............................................................................................................................................. 65
9.1 EC declaration of conformity .............................................................................................. 66
9.1.1 ATEX.................................................................................................................................. 67
9.1.2 EMC................................................................................................................................... 67
9.1.3 RoHS ................................................................................................................................. 68
9.2 UK Declaration of Conformity............................................................................................. 68
9.2.1 UK Declaration of Conformity for SCALANCE M................................................................... 68
9.2.2 The Equipment and Protective Systems Intended for use in Potentially Explosive
Atmospheres Regulations 2016.......................................................................................... 69
9.2.3 The Electromagnetic Compatibility Regulations 2016.......................................................... 69
9.2.4 The Restriction of the Use of Certain Hazardous Substances in Electrical and Electronic
Equipment Regulations 2012 ............................................................................................. 70
9.3 General approvals .............................................................................................................. 70
Index .................................................................................................................................................... 73
Table of contents
SCALANCE M804PB
8Operating Instructions, 11/2023, C79000-G8976-C496-04
Safety notices 1
CAUTION
To prevent injury and damage, read the manual before using the device.
Read the safety notices
Note the following safety notices. These relate to the entire working life of the device.
You should also read the safety notices relating to handling in the individual sections,
particularly in the sections "Installation" and "Connecting up".
WARNING
Hot surfaces
Electric devices have hot surfaces. Do not touch these surfaces. They could cause severe burns.
• Allow the device to cool down before starting any work on it.
WARNING
EXPLOSION HAZARD
Do not open the device when the supply voltage is turned on.
SCALANCE M804PB
Operating Instructions, 11/2023, C79000-G8976-C496-04 9
Safety notices
SCALANCE M804PB
10 Operating Instructions, 11/2023, C79000-G8976-C496-04
Security recommendations 2
To prevent unauthorized access to the device and/or network, observe the following security
recommendations.
Note
Note that GPS signals can be obfuscated or blocked by malicious third-party devices.
General
• Check the device regularly to ensure that these recommendations and/or other internal
security policies are complied with.
• Evaluate the security of your location and use a cell protection concept with suitable
products. For more information, refer to:
Link: (https://www.siemens.com/industrialsecurity)
• When the internal and external network are disconnected, an attacker cannot access internal
data from the outside. If possible, operate the device only within a protected network area.
• Use VPN to encrypt and authenticate communication from and to the devices.
• For data transmission via a non-secure network, use an encrypted VPN tunnel (IPsec,
OpenVPN).
• Check the user documentation of other Siemens products that are used together with the
device for additional security recommendations.
• Using remote logging, ensure that the system protocols are forwarded to a central logging
server. Make sure that the server is within the protected network and check the protocols
regularly for potential security violations or vulnerabilities.
2.1 Passwords
Authentication
Note
Accessibility risk - Risk of data loss
Do not lose the passwords for the device. Access to the device can only be restored by resetting
the device to factory settings which completely removes all conguration data.
SCALANCE M804PB
Operating Instructions, 11/2023, C79000-G8976-C496-04 11
• Replace the default passwords for all user accounts, access modes and applications (if
applicable) before you use the device. Create a separate user account for each user that will
receive access to the device.
•Dene rules for the assignment of passwords.
• Use passwords with a high password strength. Avoid weak passwords, (e.g. Passwort1,
123456789, abcdefgh) or recurring characters (e.g. abcabc).
This recommendation also applies to symmetrical passwords/keys congured on the device.
• Make sure that passwords are protected and only disclosed to authorized personnel.
• Do not use the same passwords for multiple user names and systems.
• Store the user account details in a safe location to have them available if they are lost. You can
use password managers or encrypted les/drives for this purpose.
• A password must be changed if it is known or suspected to be known by unauthorized
persons.
• When user authentication is performed via RADIUS, make sure that all communication takes
place within the security environment or is protected by a secure channel. Use a RADIUS
connection with changing passwords, expiry time, etc.
• Watch out for link layer protocols that do not oer their own authentication between
endpoints, such as ARP. An attacker could use vulnerabilities in these protocols to attack
hosts, switches and routers connected to your layer 2 network, for example, through
manipulation (poisoning) of the ARP caches of systems in the subnet and subsequent
interception of the data trac. Appropriate security measures must be taken for non-secure
layer 2 protocols to prevent unauthorized access to the network. Physical access to the local
network can be secured or secure, higher layer protocols can be used, among other things.
Certicates and keys
• There is a pre-installed Web server certicate (RSA, 2048 bit key length) and an SSH Private
Key in the device. Replace this certicate with a user-generated, high-quality certicate with
key. Use a certicate signed by a reliable external or internal certication authority. You can
install the certicate in the WBM via "System > Load and Save".
• Use the certication authority including key revocation and management to sign the
certicates.
• Use password-protected certicates in the format "PKCS #12".
• Use certicates with a key length of 4096 bits.
• Make sure that user-dened private keys are protected and inaccessible to unauthorized
persons.
• If there is a suspected security violation, change all certicates and keys immediately.
• SSH and SSL keys are available for admin users. Make sure that you take appropriate security
measures when shipping the device outside of the trusted environment:
– Replace the SSH and SSL keys with disposable keys prior to shipping.
– Decommission the existing SSH and SSL keys. Create and program new keys when the
device is returned.
Security recommendations
2.1Passwords
SCALANCE M804PB
12 Operating Instructions, 11/2023, C79000-G8976-C496-04
• Verify certicates based on the ngerprint on the server and client side to prevent "man in the
middle" attacks. Use a second, secure transmission path for this.
• Before sending the device to Siemens for repair, replace the current certicates and keys with
temporary disposable certicates and keys, which can be destroyed when the device is
returned.
Physical/remote access
• If possible, operate the devices only within a protected network area. Attackers cannot access
internal data from the outside when the internal and the external network are separate from
each other.
• Limit physical access to the device exclusively to trusted personnel.
The memory card or the PLUG (C-PLUG, KEY-PLUG, CLP) contains sensitive data such as
certicates and keys that can be read out and modied. An attacker with control of the
device's removable media could extract critical information such as certicates, keys, etc. or
reprogram the media.
• Lock unused physical ports on the device. Unused ports can be used to gain forbidden access
to the plant.
• We highly recommend that you keep the protection from brute force attacks (BFA) activated
to prevent third parties from gaining access to the device. For more information, see the
conguration manuals, section "Brute Force Prevention".
• If possible, use the VPN functionality to encrypt and authenticate communication for
communication via non-secure networks.
• When you establish a secure connection to a server (for example for an upgrade), make sure
that strong encryption methods and protocols are congured for the server.
• Terminate the management connections (e.g. HTTPS, SSH) properly.
• Make sure that the device has been powered down completely before you decommission it.
For more information, refer to "Decommissioning (Page3)".
• We recommend formatting a PLUG that is not being used.
Hardware / Software
• Use VLANs whenever possible as protection against denial-of-service (DoS) attacks and
unauthorized access.
• Restrict access to the device by setting rewall rules or rules in an access control list (ACL).
• Selected services are enabled by default in the rmware. It is recommended to enable only
the services that are absolutely necessary for your installation.
For more information on available services, see "List of available services (Page11)".
• To ensure you are using the most secure encryption methods available, use the latest web
browser version compatible with the product. Also, the latest web browser versions of
Mozilla Firefox, Google Chrome, and Microsoft Edge have 1/n-1 record splitting enabled,
which reduces the risk of attacks such as SSL/TLS Protocol Initialization Vector
Implementation Information Disclosure Vulnerability (for example, BEAST).
Security recommendations
2.1Passwords
SCALANCE M804PB
Operating Instructions, 11/2023, C79000-G8976-C496-04 13
• Ensure that the latest rmware version is installed, including all security-related patches.
You can nd the latest information on security patches for Siemens products at the Industrial
Security (https://www.siemens.com/industrialsecurity) or ProductCERT Security Advisories
(https://www.siemens.com/cert/en/cert-security-advisories.htm) website.
For updates on Siemens product security advisories, subscribe to the RSS feed on the
ProductCERT Security Advisories website or follow @ProductCert on Twitter.
• Enable only those services that are used on the device, including physical ports. Free physical
ports can potentially be used to gain access to the network behind the device.
• Use the authentication and encryption mechanisms of SNMPv3 if possible. Use strong
passwords.
•Conguration les can be downloaded from the device. Ensure that conguration les are
adequately protected.
Conguration les can be password protected during download. You enter passwords on the
WBM page "System > Load & Save > Passwords".
• When using SNMP (Simple Network Management Protocol):
–Congure SNMP to generate a notication when authentication errors occur.
For more information, see WBM "System > SNMP > Notications".
– Ensure that the default community strings are changed to unique values.
– Use SNMPv3 whenever possible. SNMPv1 and SNMPv2c are considered non-secure and
should only be used when absolutely necessary.
– If possible, prevent write access.
Secure/non-secure protocols
• Use secure protocols if access to the device is not prevented by physical protection measures.
• Restrict the use of non-secure protocols. While some protocols are secure (e.g. HTTPS, SSH,
802.1X, etc.), others were not designed for the purpose of securing applications (e.g.
SNMPv1/v2c, RSTP, etc.).
Therefore, take appropriate security measures against non-secure protocols to prevent
unauthorized access to the device/network. Use non-secure protocols on the device using a
secure connection (e.g. SINEMA RC).
• If non-secure protocols and services are required, ensure that the device is operated in a
protected network area.
Security recommendations
2.1Passwords
SCALANCE M804PB
14 Operating Instructions, 11/2023, C79000-G8976-C496-04
• Check whether use of the following protocols is necessary:
– Telnet
– HTTP
– Broadcast pings
– Non authenticated and unencrypted interfaces
– ICMP (redirect)
– LLDP
– DHCP Options 66/67
– SNTP
– NTP
– TFTP
– TIA Portal Cloud Connector (not available with SCALANCE MUM85x)
– VRRPv3
– DNS
– SNMPv1/V2c
• If a secure alternative is available for a protocol, use it.
The following protocols provide secure alternatives:
– SNMPv1/v2 → SNMPv3
Check whether use of SNMPv1 is necessary. SNMPv1 is classied as non-secure. Use the
option of preventing write access. The product provides you with suitable setting options.
If SNMP is enabled, change the community names. If no unrestricted access is necessary,
restrict access with SNMP.
– HTTP → HTTPS
– Telnet → SSH
– NTP → Secure NTP
– TFTP → SFTP
– TIA Portal Cloud Connector using a secure connection. Use the "TIA Portal Cloud
Connector" integrated in the product over a VPN solution (e.g. SINEMA RC).
Congure the rewall settings of the SCALANCE M800/S615 (e.g. predened IPv4 rules
"Cloud Connector" to prevent unauthorized access of network devices to the "TIA Portal
Cloud Connector Server").
• Using a rewall, restrict the services and protocols available to the outside to a minimum.
• For the DCP function, enable the "Read Only" mode after commissioning.
• For command SMS, use the identier to secure your SMS messages. You can set a
congurable value for a SCALANCE M device that, in addition to the phone number, must
match the received identier of the SMS. You congure the identier on the WBM page
"System > SMS > SMS Command" or with the CLI commands sms-cmd idx identifier
and sms-cmd sender.
Security recommendations
2.1Passwords
SCALANCE M804PB
Operating Instructions, 11/2023, C79000-G8976-C496-04 15
• TCP Diagnostics Stream is considered non-secure in V8.0. Therefore, the function is only
permitted to be used locally and not in productive operation.
• Only use the "TCP Event" function in secured networks or VPN. The rewall must be activated
beforehand.
List of available services
The following is a list of all available protocols and services as well as their ports through which
the device can be accessed.
The table includes the following columns:
•Service
The services that the device supports.
•Protocol / Port number
Port number assigned to the protocol.
•Default port status
The port status on delivery (factory setting) distinguishes between local and external access.
– Local access: The port is accessed via a local connection (vlan1).
– External access: The port is accessed via an external connection (vlan2).
•Congurable port/service
Indicates whether the port number or the service can be congured via WBM / CLI.
•Authentication
Species whether an authentication of the communication partner takes place or whether
an authentication can be congured.
•Encryption
Species whether the transfer is encrypted or whether the encryption can be congured.
Service Protocol/
Port number
Default port status Congurable Authentica‐
tion
Encryption
2)
Local access External
access 1)
Port Service
DHCPv4 Client UDP/68 Closed 3) Closed -- ✓ -- --
DHCPv6 Client TCP/546
UDP/546
Open Open -- -- -- --
DHCPv4-Server UDP/67 Closed Closed 4) -- ✓ -- --
DNS Client TCP/53
UDP/53
Outgoing only Outgoing only -- ✓ -- --
DNS Server TCP/53
UDP/53
UDP/49000 ...
UDP/65535
Open 5) Closed -- ✓ -- --
DynDNS TCP/80
UDP/80
TCP/443
UDP/443
Outgoing only Outgoing only -- ✓ ✓ --
HTTP TCP/80 Open Closed ✓ ✓ ✓ --
Security recommendations
2.1Passwords
SCALANCE M804PB
16 Operating Instructions, 11/2023, C79000-G8976-C496-04
Service Protocol/
Port number
Default port status Congurable Authentica‐
tion
Encryption
2)
Local access External
access 1)
Port Service
HTTP Proxy TCP/3128
TCP/8080
Outgoing only Outgoing only ✓ ✓ Optional --
HTTPS WBM
Server/Client
TCP/443 Open Closed ✓ ✓ ✓ ✓
IPsec/IKE UDP/500
UDP/4500
Closed Closed -- ✓ ✓ ✓
NTP Client UDP/123 Outgoing only Outgoing only ✓ ✓ -- --
NTP Client (se‐
cure)
UDP/123 Outgoing only Outgoing only ✓ ✓ ✓ --
NTP Server UDP/123 Closed Closed ✓ ✓ -- --
NTP Server (se‐
cure)
UDP/123 Closed Closed ✓ ✓ ✓ --
OpenVPN UDP/1194
TCP/1194
Outgoing only Outgoing only ✓ ✓ ✓ ✓
Ping ICMP Open Closed -- ✓ -- --
RADIUS Client UDP/1812 Closed Closed ✓ ✓ ✓ Optional
UDP/1813 --
SFTP Server TCP/22 Outgoing only Outgoing only ✓ ✓ ✓ ✓
Siemens Re‐
mote Service
(cRSP/SRS)
TCP/443 Outgoing only Outgoing only -- ✓ Optional ✓
SINEMA RC HTTPS/443 and
TCP/UDP
depending on
the server cong‐
uration
Outgoing only Outgoing only ✓ ✓ ✓ ✓
SMTP Client TCP/25 Outgoing only Outgoing only ✓ ✓ -- --
SMTP (secure) TCP/465
TCP/587
Outgoing only Outgoing only ✓ ✓ Optional ✓
SNMPv1/v2c UDP/161 Open Closed ✓ ✓ -- --
SNMPv3 Server UDP/161 Open Closed ✓ ✓ Optional Optional
SNMP Trap UDP/161 Open Closed ✓ ✓ Optional Optional
SNTP Client UDP/123 Closed Closed ✓ ✓ -- --
SSH CLI TCP/22 Open Closed ✓ ✓ ✓ ✓
Syslog Client UDP/514 Outgoing only Outgoing only ✓ ✓ -- --
Syslog Client
TLS
TCP/6514 Outgoing only Outgoing only ✓ ✓ -- ✓
Telnet TCP/23 Closed Closed ✓ ✓ ✓ --
TFTP UDP/69 Outgoing only Outgoing only ✓ ✓ -- --
TIA Portal Cloud
Connector 6)
TCP/9023 Closed Closed ✓ ✓ -- --
TCP Event TCP/26864 Closed Closed ✓ ✓ -- --
SMS Relay 7) TCP/26864 Closed Closed ✓ ✓ -- --
VXLAN 8) UDP/4789 Closed Closed ✓ ✓ -- --
Security recommendations
2.1Passwords
SCALANCE M804PB
Operating Instructions, 11/2023, C79000-G8976-C496-04 17
1) With SCALANCE M826 and M804PB, only access via vlan1 is possible in the delivery state
(factory setting).
2) You can nd additional information on the encryption methods used in the WBM appendix
"Ciphers used".
3) Only open with SCALANCE M826
4) Only open with SCALANCE S615
5) Only closed with SCALANCE S615
6) Not available with SCALANCE MUM85x
7) Only available with the SCALANCE M87x and MUM85x
8) Only available with SCALANCE MUM85x
The following is a list of all available Layer 2 services through which the device can be
accessed.
The table includes the following columns:
•Layer 2 service
The Layer 2 services that the device supports.
•Default status
The default status of the service (open or closed).
•Service congurable
Indicates whether the service can be congured via WBM / CLI.
Layer 2 service Default port status Congurable
DCP Open (when congured) ✓
LLDP Open (when congured) ✓
SIMATIC NET TIME Open (when congured) ✓
VLAN Open (when congured) ✓
VXLAN 1) Open (when congured) ✓
1) Only with SCALANCE MUM85x
Security recommendations
2.1Passwords
SCALANCE M804PB
18 Operating Instructions, 11/2023, C79000-G8976-C496-04
Description of the device 3
3.1 Product characteristics
Interfaces
Functionality SCALANCE M804PB
MPI/DP interface RS 485 (up to max. 12 Mbps)
Ethernet interface 2 x RJ45 10 / 100Mbps
Digital input/output 1/1
Using the device in a PROFINET environment
Note
When using the device in a PROFINET environment, follow the conguration instructions in the
conguration manuals:
• Web Based Management: Description > Requirements for operation > Use in a PROFINET
environment
• Command Line Interface: General > Use in a PROFINET environment
SCALANCE M804PB
Operating Instructions, 11/2023, C79000-G8976-C496-04 19
3.2 Device view
On the device front:
①Ethernet connectors (P1, P2)
②MPI/DP interface
③SET button
④Digital input (DI)
⑤Digital output (DO)
⑥Power supply connection
⑦LED display
On the device rear:
⑧PLUG slot
3.3 Scope of delivery
The following components are supplied with the product:
• One SCALANCE M device
• A 5-pin terminal block for the power supply
• A 2-pin terminal block for the digital output
• A 2-pin terminal block for the digital input
• A product DVD
Description of the device
3.3Scope of delivery
SCALANCE M804PB
20 Operating Instructions, 11/2023, C79000-G8976-C496-04
Other manuals for SCALANCE M804PB
1
Table of contents
Other Siemens Conference System manuals
Siemens
Siemens Hicom 150 E Office User manual
Siemens
Siemens Hicom 150 E Office User manual
Siemens
Siemens CP 342-5 User manual
Siemens
Siemens CP 1243-1 PCC User manual
Siemens
Siemens HiPath 1100 User manual
Siemens
Siemens CM 1542-1 User manual
Siemens
Siemens MK7000 User manual
Siemens
Siemens CP 1243-1 User manual
Siemens
Siemens CP 5623 User manual
Siemens
Siemens SWT-3000 Technical Document
Siemens
Siemens SIMATIC IO-Link system Parts list manual
Siemens
Siemens RF180C User manual
Siemens
Siemens KNX OZW775 V2.0 User manual
Siemens
Siemens HiPath BizIP User manual
Siemens
Siemens HiPath Series User manual
Siemens
Siemens optiPoint key module User manual
Siemens
Siemens OCI611 Series User manual
Siemens
Siemens OCI600 User manual
Siemens
Siemens Simatic S7-400 User manual
Siemens
Siemens HiPath3550 User manual
