plc-gateway
by hi-ropon
Overview
This server provides a FastAPI REST API for reading device values from Mitsubishi PLCs using the MC protocol.
Installation
python main.pyEnvironment Variables
- PLC_IP
- PLC_PORT
- PLC_TIMEOUT_SEC
- PLC_TRANSPORT
Security Notes
The server uses `allow_origins=["*"]` for CORS, which is a significant security risk in production environments as it allows cross-origin requests from any domain. There is no visible built-in authentication or authorization for API access, which is critical for an API interacting with industrial control systems. The `--production` flag binds the API to `0.0.0.0`, making it publicly accessible, which, when combined with the lack of authentication and permissive CORS, creates a major vulnerability. Dynamic PLC IP/port specification in API requests (`plc_host` parameter) increases flexibility but also expands the attack surface if not securely deployed. The `_read_plc` and `_batch_read_plc` functions establish and close a new PLC connection for each API request, which could be an efficiency concern under high load but is not a security flaw.
Similar Servers
mcpx-mcp-server
Enables generative AI to access and control Mitsubishi PLC devices in real time via an MCP server.
modbus-mcp
Connects LLM agents to Modbus devices to enable AI-driven workflows in industrial control and building automation systems.
MCP_server
This project demonstrates building and consuming Model Context Protocol (MCP) servers using Python, leveraging FastAPI for HTTP and STDIO for different transport mechanisms, and integrating with LangChain for LLMs to dynamically discover and use tools.
fastapi-mcp-server
An API server built with FastAPI, likely for managing or processing data related to an application or system referred to as 'MCP'.