2026 In-Depth Analysis

Every MCP Server for TIA Portal,
Analyzed and Compared

Four projects connect AI to Siemens TIA Portal via MCP. We analyzed their source code, architecture, and security. One is built for production, three are open-source experiments. Here's the full technical breakdown.

The MCP Landscape for TIA Portal

The Model Context Protocol (MCP) lets AI agents interact directly with engineering tools. For Siemens TIA Portal, four implementations exist today.

T-IA Connect

Commercial · Production-grade

Industrial-grade MCP bridge with 369 tools covering the full TIA Portal lifecycle: project management, block CRUD, tag management, HMI, online operations, PLCSim simulation, and more. Active development, professional support.

Openness API (V17–V21)

heilingbrunner/tiaportal-mcp

Open Source · VS Code Extension

VS Code extension with 30 MCP tools for project browsing, block import/export, compilation, and the new V20 document format. No tag management, no HMI, no online operations. Inactive since September 2025.

Openness API (V20 only)

gangsterke/Tia-Portal-MCP-server

Open Source · Proof of Concept

Minimal prototype with 12 read-only tools for project browsing and tag reading. Built in a single day, never updated. V18 hardcoded, no error handling, no security.

Openness API (V18 only)

cadugrillo/s7-mcp-bridge

Open Source · Runtime Monitor

Different approach: connects directly to PLC Web API (HTTPS) without TIA Portal. 21 tools for runtime monitoring, tag read/write, and CPU control. No engineering capabilities.

PLC Web API (S7-1200/1500)

Source Code Analysis

We reviewed the source code of each project to assess architecture, safety, and real-world usability. Here's what we found.

heilingbrunner/tiaportal-mcp — The Most Advanced Open-Source Option

30 MCP tools · V20 only · Inactive since September 2025

This is the most serious open-source competitor. Developed over approximately 4 months (June–September 2025) by 3 contributors, with 32 stars and 11 forks on GitHub. Also distributed as a VS Code extension. However, the project has been inactive for over 6 months.

Technical Stack

Pure C# .NET Framework 4.8 (no Node.js intermediary). Uses the official .NET MCP SDK (ModelContextProtocol v0.3.0-preview). Transport via stdio only (no HTTP/SSE). References Siemens V20 NuGet packages — a more modern approach than dynamic DLL loading, but locked to a single version.

30 MCP Tools — What They Cover

The tools cover 7 categories: connection management (Connect, Disconnect, GetState), project operations (Open, Save, Close, GetProjectTree), hardware inspection (GetDevices, GetDeviceInfo), software management (GetSoftwareTree, CompileSoftware), block operations (GetBlocks, ImportBlock, ExportBlock), UDT handling (GetTypes, ImportType, ExportType), and V20 document format support (ExportAsDocuments, ImportFromDocuments).

The V20 document format (.s7dcl/.s7res) support is a notable feature — this is a new Siemens format that allows exporting blocks in a structured, human-readable format.

What It Doesn't Do

No tag management — cannot read, write, create, or import/export tags
No HMI/WinCC support — no screens, connections, alarms, or HMI tags
No online operations — no GoOnline, Download, or real-time monitoring
No PLCSim simulation support
No block generation — cannot create new blocks in SCL, LAD, FBD, or GRAPH
No network/subnet management or library support
No watch tables or force tables
No job system — all operations are synchronous and blocking

Technical Problems

No STA Threading

This is the most critical issue. The Siemens Openness API uses COM objects that require Single-Threaded Apartment (STA) mode. Without proper STA dispatching, COM calls can silently corrupt data or crash randomly under concurrent load. This makes the tool unreliable for any automated pipeline.

Monolithic Architecture

Portal.cs contains 2,300 lines and McpServer.cs puts all tools in a single file. This makes the codebase difficult to maintain and extend.

V20 Hardcoded

While it accepts a --tia-major-version CLI argument, the NuGet references are hardcoded to V20. Most real-world factories still run V17 or V18.

Always Requires GUI

No headless mode — TIA Portal must be manually opened first. Cannot be used in CI/CD pipelines.

Process Selection

Uses processes.First() — attaches to the first TIA Portal instance found. If multiple instances are running, there's no way to select which one.

~13% functional coverage vs T-IA Connect

At approximately 13% of T-IA Connect's functional surface, heilingbrunner is the most advanced open-source option. Its V20 document format support is genuinely useful. However, the lack of STA threading, no online operations, no tag management, and 6+ months of inactivity make it unsuitable for production automation.

gangsterke/Tia-Portal-MCP-server — A One-Day Proof of Concept

12 MCP tools · V18 only · Built in one day, never updated

This project is exactly what it looks like: a proof of concept built in a single day (October 12, 2025) and never updated since. Approximately 1,260 lines of total code. It demonstrates that connecting MCP to TIA Portal is possible, but offers nothing beyond that.

Technical Stack

Dual-process architecture: a Node.js TypeScript layer (~400 lines) handles MCP protocol, while a C# .NET Framework 4.8 subprocess (~860 lines in a single Program.cs) calls the Openness API. Communication between the two processes via stdin/stdout JSON.

12 MCP Tools — Read-Only

All tools are read-only: open/close project, list PLCs, list blocks (root level only — no recursion into groups), export a single block as XML, read tag tables, search tags, get hardware config, get project info, and two OPC UA tools (export/get interface info). The OPC UA support is its only original feature.

The get_block_code tool is misleading — it only returns metadata (name, type, language), not the actual source code.

Notable Problems

V18 Hardcoded

Absolute paths to Portal V18\PublicAPI\V18\ are hardcoded. No multi-version support whatsoever.

No STA Threading

Works by luck on .NET Framework 4.8 since the main thread defaults to STA, but this is not explicitly managed and will fail under concurrent load.

Silent Error Swallowing

Empty catch blocks throughout the code — errors are silently ignored. If something goes wrong, you'll never know.

Race Condition at Startup

Uses a simple setTimeout(2000ms) to wait for the C# subprocess to start. No health check, no proper handshake.

Zero Security

No authentication, no path validation (directory traversal is possible), no rate limiting. Zero tests, zero CI/CD, no LICENSE file despite claiming MIT in package.json.

~1–2% functional coverage vs T-IA Connect

At approximately 1–2% of T-IA Connect's functional surface, this is a minimal proof of concept, not a tool. Its only original contribution is OPC UA interface support. Useful as a learning exercise, dangerous for anything else.

cadugrillo/s7-mcp-bridge — Runtime Monitoring Without TIA Portal

21 MCP tools · PLC Web API · No engineering capabilities

This project takes a fundamentally different approach: instead of connecting to TIA Portal via the Openness API, it connects directly to the PLC's built-in Web API (JSON-RPC over HTTPS). No Siemens software is needed — just a network connection to the PLC. This makes it complementary rather than competitive with the other projects, but introduces serious safety concerns.

Technical Stack

Pure TypeScript/Node.js. Transport via HTTP-stream (port 57001) or stdio. Packaging includes Docker multi-arch images and a Claude Desktop extension (.mcpb). No Siemens dependencies — just fetch() calls to https://<PLC_IP>/api/jsonrpc.

21 MCP Tools — Runtime Focus

System (Api-Ping, Api-Version, Api-Browse), Authentication (Api-Login, Api-Logout, ChangePassword), Configuration (List-AvailablePlcs), Data (PlcProgram-Browse, PlcProgram-Read, PlcProgram-Write), CPU Control (ReadOperatingMode, RequestChangeOperatingMode, ReadSystemTime, SetSystemTime), Diagnostics (Alarms-Browse, Alarms-Acknowledge, DiagnosticBuffer-Browse), and Backup (Plc-CreateBackup).

What It Does Well

Zero Siemens installation required — any machine with Node.js can connect
Clean architecture: one file per tool, well-organized codebase
Docker and Claude Desktop extension support
Runtime monitoring without needing TIA Portal open

What's Dangerous

AI Can Stop Production

The RequestChangeOperatingMode tool lets an AI agent put a CPU in STOP mode. The PlcProgram-Write tool lets it write arbitrary values to PLC tags. On a production line, one AI hallucination could stop an entire factory. There is no confirmation dialog, no audit trail, no safety check. By contrast, T-IA Connect deliberately disabled the start_cpu and stop_cpu commands — they return an explicit error even though the Openness API would allow it. Downloading to a physical CPU requires a manual confirmation with a detailed safety message.

TLS Disabled Globally

The code sets NODE_TLS_REJECT_UNAUTHORIZED = "0", which disables TLS certificate verification for the entire Node.js process — not just PLC connections. This is a security vulnerability.

Credentials in Memory

PLC credentials are stored in plaintext in memory. No encryption, no secure storage.

Zero Tests

No test suite for a tool that directly controls industrial equipment. Inactive since October 2025.

Different category — runtime monitoring only

The s7-mcp-bridge occupies a different niche — runtime monitoring via PLC Web API, not engineering. The zero-install approach is interesting for monitoring dashboards. However, the complete absence of safety guardrails on critical operations (CPU STOP, tag write) makes it dangerous for any industrial environment. T-IA Connect covers both engineering and runtime operations with proper safeguards.

Why Production Safety Matters

Connecting an AI to industrial equipment is not a toy project. Here's what's at stake.

STA Threading Is Non-Negotiable

The Siemens Openness API uses COM objects that require Single-Threaded Apartment (STA) mode. Without proper STA dispatching, COM calls can silently corrupt data or crash randomly under load. T-IA Connect is the only implementation with a proper StaDispatcher.

AI + PLC = Safety-Critical

When an AI agent can write tags, download programs, or change CPU operating modes, one hallucination can stop a production line. T-IA Connect uses API key authentication, rate limiting, and action logging. The start_cpu and stop_cpu commands are intentionally disabled — they return an explicit error, even though the Openness API would allow it. Downloading to a physical CPU requires explicit manual confirmation (confirmPhysicalDownload=true). The open-source alternatives have zero security guardrails.

Multi-Version Support Matters

Most factories run V17 or V18 — not V20. A tool hardcoded to a single TIA Portal version excludes the majority of real-world installations. T-IA Connect dynamically loads the correct Openness DLLs for V17 through V21.

Headless Mode for CI/CD

Automated pipelines need to run without a GUI. T-IA Connect can open TIA Portal in headless mode, compile, download, and close — without any user interaction. The open-source alternatives require TIA Portal to be manually opened first.

Feature-by-Feature Comparison Table

The full comparison matrix — all features, all four servers, at a glance

Feature
T-IA Connect
heilingbrunner
gangsterke
s7-mcp-bridge
MCP Tools
369
30
12
21
TIA Portal Versions
V17, V18, V19, V20, V21
V20 only (NuGet hardcoded)
V18 only (path hardcoded)
N/A — no TIA Portal needed
Block Operations
Full CRUD + SCL/LAD/FBD/GRAPH generation
Import/Export (XML & V20 documents)
Export only (root level)
None
Tag Management
Full CRUD + import/export
None
Read only
Runtime read/write
HMI / WinCC
Screens, connections, alarms, tags
None
None
None
Online Operations
GoOnline, Download (confirmation required), monitoring — Run/Stop CPU disabled by design for safety
None
None
Run/Stop CPU, read/write tags
PLCSim Simulation
PLCSim + PLCSim Advanced
None
None
None
STA Threading
StaDispatcher (production-safe)
None (COM crash risk)
None (COM crash risk)
N/A
Security
API key + rate limiting + RSA license
None
None
None (TLS disabled globally)
Transport
HTTP + SSE + stdio
stdio only
stdio only
HTTP-stream + stdio
REST API
417 endpoints
None
None
None
Headless Mode
Yes — no TIA Portal GUI required
No — requires TIA Portal open
No — requires TIA Portal open
N/A
Last Updated
Active (weekly updates)
September 2025 (inactive 6+ months)
October 2025 (built in 1 day, never updated)
October 2025 (inactive 6+ months)
License
Commercial (14-day free trial)
MIT
MIT
MIT
CPU Safety Guardrails
start/stop CPU disabled by design, physical download requires mandatory confirmation, full audit trail
None (no online operations)
None (no online operations)
None — RequestChangeOperatingMode exposed unprotected, arbitrary tag write without confirmation

Frequently Asked Questions

What is MCP and why does it matter for TIA Portal?

MCP (Model Context Protocol) is an open standard by Anthropic that lets AI agents interact with external tools. For TIA Portal, it means any AI — Claude, GPT, Llama, Gemini — can create PLC blocks, manage tags, compile, and download programs. It's the bridge between modern AI and industrial automation.

Are the open-source MCP servers safe for production use?

No. None of the three open-source implementations handle STA threading correctly, which means they risk COM object corruption under concurrent use. They also lack authentication, rate limiting, and audit logging — essential for any tool that interacts with industrial equipment. They're useful for experimentation, not production.

Can I use T-IA Connect with Claude, ChatGPT, or local models?

Yes. T-IA Connect supports any MCP-compatible client: Claude Desktop, Claude Code, Cursor, VS Code with Continue, Windsurf, and any custom integration. Since MCP is an open protocol, you choose your AI provider — including local models via Ollama for air-gapped environments.

What about the s7-mcp-bridge — isn't it complementary?

The s7-mcp-bridge takes a different approach: it connects to the PLC's built-in Web API, not to TIA Portal. This is useful for runtime monitoring, but it can't create blocks, manage project structures, or do any engineering. It's also dangerous: it exposes RequestChangeOperatingMode unprotected — an AI agent can put a CPU in STOP mode without confirmation. T-IA Connect takes the opposite approach: start_cpu and stop_cpu commands are deliberately disabled and return an error, downloading to a physical CPU requires explicit confirmation, and all critical operations are logged with a full audit trail.

Ready to Connect AI to TIA Portal?

Start with a free 14-day trial. All 369 MCP tools, all TIA Portal versions, no credit card required.