Variable access

Variable accesses

What are variable accesses?

A Variable is a container that holds information in an equipment such as a PLC or a data server (i.e. OPC data server). There are many different types of variables depending on the PLC or the server that is in use. A variable can be accessed by the network by using a name or a physical address in the equipment memory. Variables are exchanged on the industrial network between PLCs and servers for process control and supervision purposes. Variables can be read or written in any equipment according to need.

A variable can be for example the ongoing temperature on an industrial oven. This value is stored in the oven's PLC and can be controlled by another PLC or accessed by a SCADA system for supervisory purpose. The same value can be read by another PLC which controls the heating system.

What are variable accesses used for?

Reading and writing variables inside a network is strictly controlled. Particular attention should be paid when an unplanned change occurs, especially when it comes to a new written variable. Indeed, such a behavior could be symptomatic of an attacker attempting to take control of the process. Cisco Cyber Vision reports the variables' messages detected on the equipment of the industrial network.

Variable accesses are detailed inside component's technical sheet under a sortable table list, containing:

  • The variable's name.

  • Its type (WRITE or READ, but not the value itself).

  • Which component have accessed the variable.

  • The first and last time the component has accessed the variable.

The mention "2 different accesses" (1) indicates that two components have read the variable.

Where to find variable accesses?

You can see the number of variable accesses per component on the component list view. You can sort the var column by ascending or decreasing number.

Clicking a component from any view opens its right side panel where the number of variables on this component is indicated.

A detailed list of variable accesses is available under the automation tab on the component's technical sheet (see the first figure above) and on PLC reports.