Skip to main content
Industrial NetworkingLearn Industrial AutomationPLC Programming

Python OPC UA: Read Data from Siemens S7-1500 in 30 Lines

By April 10, 2026April 14th, 2026No Comments11 min read

Reading live tags from a Siemens S7-1500 used to mean vendor libraries, license dongles, or wrestling with Snap7 quirks. With Python OPC UA, it takes roughly thirty lines of code, runs on any OS, and talks to the PLC using the exact same standard that MES, SCADA and historians use in production.

This tutorial walks through the minimum working setup: enabling the OPC UA server on the S7-1500, installing asyncua, connecting as an anonymous client, browsing the address space, reading tag values, and subscribing to value changes. Every snippet is tested against a real S7-1516 with firmware 3.1 and TIA Portal V19.

Why OPC UA and not S7Comm or Modbus

S7Comm (the legacy Siemens protocol) works through libraries like Snap7 but has three problems for Python integrations: it is reverse-engineered, it gives you raw memory offsets instead of named tags, and it lacks built-in authentication. Modbus TCP works but forces you to hand-map registers. OPC UA, on the other hand, is a public IEC 62541 standard, transmits named variables with data types and descriptions, supports encryption and certificate auth out of the box, and is natively supported on every S7-1500 CPU from firmware 2.0 onwards.

In practice: when your manager asks for “data from the packaging line into Grafana,” the answer in 2026 is OPC UA plus Python. No gateway hardware, no licensed middleware.

Step 1 — Enable the OPC UA Server on the S7-1500

Open your TIA Portal project, select the PLC in the device view, and navigate to Properties → General → OPC UA → Server.

Set the following:

  • Activate OPC UA server: checked
  • Port: 4840 (standard)
  • Security policies: for first tests, enable None (we’ll add certificates later)
  • User authentication: enable Guest authentication for the tutorial

Then expose the tags you want to read. Under Runtime licenses → OPC UA, confirm you have an SIMATIC OPC UA S7-1500 license (Small/Medium/Large depending on CPU). For each data block you want to publish, open its properties and set Accessible from HMI/OPC UA/Web API to true, plus Visible in HMI engineering and Writable from HMI/OPC UA. Download the project.

Step 2 — Install asyncua

The most maintained Python OPC UA library is asyncua (successor to the older python-opcua). It supports the full stack: client, server, subscriptions, certificates, custom types.

pip install asyncua

That’s the only dependency. asyncua runs on Python 3.8+ and has no compiled C extensions.

Step 3 — The Minimum Working Client (30 lines)

Save the following as read_plc.py. Replace the IP with your CPU’s address.

import asyncio
from asyncua import Client, ua

URL = "opc.tcp://192.168.0.1:4840"

async def main():
    async with Client(url=URL) as client:
        # Browse the root
        root = client.nodes.root
        print("Root children:")
        for child in await root.get_children():
            print(" ", await child.read_browse_name())

        # Read a specific tag by NodeId
        # For S7-1500 published DB variables, the NodeId looks like:
        # ns=3;s="MyDataBlock"."Temperature"
        temp_node = client.get_node('ns=3;s="ProductionData"."Temperature"')
        value = await temp_node.read_value()
        print(f"Temperature = {value} °C")

        # Read multiple nodes in one round-trip
        nodes = [
            client.get_node('ns=3;s="ProductionData"."Temperature"'),
            client.get_node('ns=3;s="ProductionData"."Pressure"'),
            client.get_node('ns=3;s="ProductionData"."PartCount"'),
        ]
        values = await client.read_values(nodes)
        for n, v in zip(nodes, values):
            print(f"{await n.read_browse_name()} = {v}")

if __name__ == "__main__":
    asyncio.run(main())

Run it:

python read_plc.py

If everything is configured, you get the browse tree of the server plus the values of your three tags. The whole thing is ~30 non-blank lines, has zero vendor lock-in, and runs identically on Windows, Linux and macOS.

Step 4 — Finding the Right NodeId

The NodeId ns=3;s="ProductionData"."Temperature" is where most people get stuck. ns=3 is the namespace index — on S7-1500 this is where user-defined variables live. The string part is literally the path inside the PLC’s published address space, with quotes around each identifier.

The safest way to discover NodeIds is to connect first with UaExpert (free from Unified Automation) and browse. Right-click any variable → Copy Node Identifier. Paste that string into Python.

Alternatively, you can browse programmatically:

from asyncua.common.methods import call_method

async def print_tree(node, indent=0):
    print("  " * indent + str(await node.read_browse_name()))
    for child in await node.get_children():
        await print_tree(child, indent + 1)

Call await print_tree(client.nodes.objects) to dump the entire published address space.

Step 5 — Subscribing to Value Changes

Polling read_value() in a loop works but wastes bandwidth. OPC UA has a first-class publish/subscribe model. Below, the PLC pushes updates whenever PartCount changes:

class SubHandler:
    def datachange_notification(self, node, val, data):
        print(f"{node} changed to {val}")

async def subscribe():
    async with Client(url=URL) as client:
        handler = SubHandler()
        sub = await client.create_subscription(500, handler)  # 500 ms
        part_count = client.get_node('ns=3;s="ProductionData"."PartCount"')
        await sub.subscribe_data_change(part_count)
        await asyncio.sleep(3600)  # keep running

asyncio.run(subscribe())

The callback fires only when the value actually changes, the 500 ms is the sampling interval on the server side, and you can attach hundreds of variables to a single subscription. This is how production dashboards and historians typically ingest PLC data.

Step 6 — Writing Values (With Care)

Writing from Python back to the PLC is one line:

await client.get_node('ns=3;s="ProductionData"."SetpointTemperature"').write_value(ua.Variant(75.5, ua.VariantType.Double))

Three things to check before enabling writes on a production machine: the variable must be marked Writable from HMI/OPC UA in TIA, the client must authenticate as a user with write permissions (not Guest), and the logic in the PLC must treat the incoming value as a setpoint to be validated — never trust a network-writable value as a safety input.

Step 7 — Adding Certificates (for real deployments)

SecurityPolicy.None is fine for a lab. For anything touching a real network, enable certificate-based auth. asyncua ships with helpers:

from asyncua.crypto.security_policies import SecurityPolicyBasic256Sha256

await client.set_security(
    SecurityPolicyBasic256Sha256,
    certificate="client_cert.pem",
    private_key="client_key.pem",
    server_certificate="server_cert.der",
    mode=ua.MessageSecurityMode.SignAndEncrypt,
)

Generate the client cert with OpenSSL, then upload its .der version to TIA under Security → Certificate manager and accept it in the CPU’s trusted-partner list. The same principle applies whether you talk to a Siemens, Beckhoff or B&R controller.

Troubleshooting the Common Failures

BadTcpEndpointUrlInvalid — the URL must use opc.tcp:// not http://. Also verify firewall allows TCP 4840 inbound to the PLC.

Variables missing from the address space — the DB was created with Optimized block access and you forgot to mark individual variables as HMI/OPC UA accessible. Open the DB, right-click each tag, enable the flag, download.

BadNodeIdUnknown on a valid-looking NodeId — the string is case-sensitive and every identifier must be in double quotes including the array indices. "DB"."Array"[0] not "DB.Array[0]".

Connection drops every few minutes — the S7-1500 keeps-alive interval is 15 seconds by default. If your network has an aggressive NAT, extend the session timeout in Client() with session_timeout=120000.

Licensing error — without the SIMATIC OPC UA runtime license the server exposes only 100 variables in trial mode. Buy the matching license for your CPU size.

Going Further: Historians, Grafana, and LLM Agents

Once you can read data from the PLC with Python, the next steps open up fast. Push the values to a time-series database like InfluxDB or TimescaleDB, query from Grafana for live dashboards, or feed an LLM for natural-language queries over production data. The same asyncua client underneath.

For a full pipeline — OPC UA → Python → Postgres → Grafana with alerting — see our internal guide [placeholder: link to “Building a Production Data Pipeline with Python”].

FAQ

Do I need a special OPC UA license on the S7-1500?

Yes. Every S7-1500 CPU requires a SIMATIC OPC UA Server runtime license, sized Small (before 1,000 nodes), Medium (10,000) or Large (100,000). Without it, the server runs in a 100-variable trial. The client side (your Python script) is always free.

Can I use OPC UA with an older S7-300 or S7-400?

Not directly. S7-300/400 CPUs do not have an embedded OPC UA server. Use a SIMATIC IoT2050, an OPC UA gateway like Kepware, or migrate to S7-1500. Alternatively, S7Comm via Snap7 still works for legacy hardware.

How fast is Python OPC UA compared to S7Comm?

For a single-value read, expect 5-15 ms round-trip over Ethernet. read_values with 100 tags typically returns in 20-40 ms — much faster than 100 individual reads. Subscriptions remove polling overhead entirely and scale to thousands of tags per session.

Is asyncua production-ready?

Yes. It is used in commercial MES, SCADA gateways and several cloud connectors. The async model handles thousands of concurrent nodes cleanly. For synchronous code bases there is also asyncua.sync which exposes the same API without async/await.

Can I run my Python script on a Raspberry Pi next to the machine?

Absolutely. asyncua runs on any Pi from Zero 2 upwards. Common architecture: Pi reads via OPC UA, pushes to an MQTT broker or REST endpoint, upstream systems consume from there. This is the cheapest path from an existing Siemens line to cloud telemetry.

What’s Next

You now have a working Python client that speaks OPC UA to a Siemens S7-1500. This is the same foundation that production MES and historians use — only the PLC side differs between vendors (Allen-Bradley, Beckhoff, Omron all publish OPC UA servers with the same NodeId addressing pattern).

To build on this, our Python for Automation Engineers course covers the full stack: OPC UA, Modbus, SQL, visualization. If you want to master the communication layer end-to-end — including Profinet and EtherCAT diagnostics — see our Industrial Communication Protocols training.

Both courses are built by engineers who run real lines, not academics who only read about them.

Author

Simon Adamek

IT Engineer and PLC Specialist
Manager at ControlByte
“Guiding beginners into the world of PLCs and industrial innovation.”

See author's posts

Tags:

Related Posts

Industrial NetworkingLearn Industrial AutomationPLC Programming Python Modbus: Read and Write PLC Data with pymodbus

Python Modbus: Read and Write PLC Data with pymodbus

Simon Adamek
Simon AdamekApril 14, 2026
Automation Career & Engineering SkillsLearn Industrial Automation Python for Industrial Automation: What It Can and Cannot Do

Python for Industrial Automation: What It Can and Cannot Do

Simon Adamek
Simon AdamekApril 9, 2026
Learn Industrial Automation Python Basics Guide: From Zero to First Script [2026]

Python Basics Guide: From Zero to First Script [2026]

Simon Adamek
Simon AdamekApril 8, 2026
Simon Adamek

Author Simon Adamek

IT Engineer and PLC Specialist Manager at ControlByte "Guiding beginners into the world of PLCs and industrial innovation."

More posts by Simon Adamek

ControlByte Support