Modbus/TCP Coil Access

medium Nessus Plugin ID 23817

Synopsis

Coils from a Modicon field device, such as a PLC, RTU, or IED, can be read using function code 1.

Description

Using function code 1, Modbus can read the coils in a Modbus slave. Modbus is commonly used by SCADA and DCS field devices. Coils refer to the binary output settings and are typically mapped to actuators.
A sample of the coil settings read from the device is provided in the plugin output.

The ability to read coils may help an attacker profile a system and identify ranges of registers to alter via a write coil message.

Solution

Restrict access to the Modbus port (TCP/502) to authorized Modbus clients.
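To confirm that the restriction holds, coil reads arriving from clients outside the allowlist can be flagged in monitored traffic. The following is an added example, not part of the plugin or the vendor's code. It parses the Modbus/TCP header and the function code 1 request; the client addresses, event tuple layout, and sample frames are constructed assumptions.

```python
import struct

# Assumption: addresses of the Modbus clients (HMIs, masters) allowed on TCP/502.
AUTHORIZED_CLIENTS = {"10.0.5.10", "10.0.5.11"}
MODBUS_PORT = 502
READ_COILS = 0x01


def parse_read_coils(payload: bytes):
    """Return (unit_id, start_address, quantity) for a well-formed
    Modbus/TCP Read Coils request, or None for anything else."""
    if len(payload) < 12:          # 7-byte MBAP header + 5-byte FC1 request PDU
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0 or length != 6:  # protocol id is 0; length = unit id + PDU
        return None
    func, start, qty = struct.unpack(">BHH", payload[7:12])
    if func != READ_COILS or not 1 <= qty <= 2000:  # spec limit per request
        return None
    return unit, start, qty


def flag_unauthorized_reads(events):
    """events: iterable of (src_ip, dst_port, tcp_payload) tuples.
    Returns one alert per coil read sent by a client outside the allowlist."""
    alerts = []
    for src, dport, payload in events:
        if dport != MODBUS_PORT or src in AUTHORIZED_CLIENTS:
            continue
        parsed = parse_read_coils(payload)
        if parsed:
            unit, start, qty = parsed
            alerts.append({"src": src, "unit": unit, "start": start, "quantity": qty})
    return alerts


# Constructed sample traffic (not captured from a real device).
READ_16_COILS = struct.pack(">HHHBBHH", 1, 0, 6, 1, READ_COILS, 0, 16)
READ_HOLDING = struct.pack(">HHHBBHH", 2, 0, 6, 1, 0x03, 0, 4)
SAMPLE_EVENTS = [
    ("10.0.5.10", 502, READ_16_COILS),    # authorized HMI
    ("192.0.2.77", 502, READ_16_COILS),   # not on the allowlist
    ("192.0.2.77", 502, READ_HOLDING),    # different function code, ignored here
]

if __name__ == "__main__":
    for alert in flag_unauthorized_reads(SAMPLE_EVENTS):
        print(alert)
```

An alert from this check after the port has been restricted means the filtering rule is missing a path to the device.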

See Also

http://www.modbus.org/

Plugin Details

Severity: Medium

ID: 23817

File Name: scada_modbus_coil_check.nbin

Version: 1.84

Type: remote

Family: SCADA

Published: 12/11/2006

Updated: 7/17/2024

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Manually scored based on the nature of the vulnerability.

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:H/RL:W/RC:C

CVSS Score Source: manual