Modbus/TCP

Description Modbus Protocol is a messaging structure developed by Modicon in 1979 originally over serial links. Today its most common form is over Ethernet and TCP/IP and is known as Modbus/TCP. Modbus is used to establish master-slave/client-server communication between intelligent devices. It is a de facto standard, truly open and one of the most widely used network protocols in the industrial manufacturing environment. It has been implemented by hundreds of vendors on thousands of different devices to transfer discrete/analog I/O and register data between control devices. Industry analysts have reported over 7 million Modbus nodes in North America and Europe alone.
Protocols Standards Group Modbus Organization
Approvals for Tofino Products Tested and certified by the Modbus Organization

Modbus Security Summary

While Modbus is an excellent ICS protocol, it was created before security was a consideration. As a result, it currently has no capability for authentication or authorization control. Any device with a network connection to a Modbus controller can potentially change any of the controller’s I/O points or register values. Many controllers can even be reset, disabled, or loaded with new logic or firmware code.

Known Security Issues and Vulnerabilities

Open Sourced Vulnerability Database (OSVDB)

Tofino Security Products for Improving Security

Tofino Modbus TCP Enforcer LSM A loadable security module that provides content inspection for Modbus communications, checking every command and response against a list of ‘allowed’ commands defined by your controls engineer.
ConneXium Tofino Firewall TCSEFEA An industrial Modbus/TCP security appliance that uses deep packet inspection technology to restrict network traffic based on user defined rules permitting only authorized devices, communication types and services.
Honeywell Experion Modbus TCP A preconfigured security appliance that allows only Modbus/TCP traffic to pass and ensures that the master initiates all communications.
Honeywell OneWireless A preconfigured security appliance that filters bi-directional network traffic between the Experion control network and the OneWireless™ sensor data network, blocking any unnecessary traffic or threats.
Honeywell Modbus Read-only Firewall A preconfigured security appliance that filters network traffic between the Experion control network and the Safety System, allowing the Experion to only read SIS data and to respond to time synchronization requests.

 

Application Notes

Articles

Blog Posts

Press Releases

Videos and Presentations

White Papers