IEC 60870 Slave: wrong APDU Length calculation for series of M_ME_TC_1 (T14) and M_ME_TF_1 (T36) data

IEC 60870 Slave: wrong APDU Length calculation for series of M_ME_TC_1 (T14) and M_ME_TF_1 (T36) data

Summary

issue in Stack for IEC60870 Slave - in zenon Process Gateway and in zenon Logic - when driver is used with reduced setting for 'ADPU/Data size':

for IOs (variables) of Type IDs:

- T14 - M_ME_TC_1 - measured value, short floating point number with time tag

- T36 - M_ME_TF_1 - measured value, short floating point number with time tag CP56Time2a

The slave by sending many value changes in one frame estimates the summary data length wrong and sends more IOs in one frame as the size configured in the slave's settings. The frame could be overrun when ADPU should end in the data area for 'time tag' of last value.

Description

issue in Stack for IEC60870 Slave - in zenon Process Gateway and in zenon Logic - when driver is used with reduced setting for 'ADPU/Data size':

for IOs (variables) of Type IDs:

- T14 - M_ME_TC_1 - measured value, short floating point number with time tag

- T36 - M_ME_TF_1 - measured value, short floating point number with time tag CP56Time2a

The slave by sending many value changes in one frame estimates the summary data length wrong and sends more IOs in one frame as the size configured in the slave's settings. The frame could be overrun when ADPU should end in the data area for 'time tag' of last value.

Solution

procedure calculating summary data length corrected; driver splits correctly the data to next APDU.

Information

Under circumstances it could cause the out of memory error in the slave application (zenPG /Logic).

By default setting 'APDU/Data size' =253 the behavior was always correct.



Issue Number: 29554
Fixed on Date: 8.5.2013
Versions: 7.10 0 BUILD 6571