IT security with Modbus

Different vendors often provide equipment with Modbus for connection to the DCS system, and at the same time provide Ethernet/GSM or others for remote access.

Modbus by itself has no built-in security. Are there any IT security measures built in using Modbus RTU on the AC800M COM3 port or on the CI853 ports? Any settings for restrictions, authentication, username/passwords, etc.?


By kstoilov on 5/16/2018

Hi,
What do you mean by security for a serial port?
As per my experience, you can exchange only data in master/slave communication, defined in your application. Normally that could not be affected by external attacks. As per my understanding, in the worst case the communication to the slaves will be broken.


By toranders on 5/16/2018

Hello,
You are probably right that the worst case is broken communication. I would expect that the application program or other software is not editable via Modbus, but since there is a read/write file function in Modbus it could be possible (but perhaps not likely). Other possibilities could perhaps be to issue commands that cause overflow/overrun in the controller or communication interface?




toranders   

asked 8 days ago
Closed



Best Answer

3

No. Modbus RTU is fundamentally an "unsecured" protocol. However, that doesn't mean it's unsafe. The protocol is relatively simple and the Modbus drivers should be quite secure. Buffer overrun attacks are very unlikely and most Modbus RTU links are simple point-to-point connections over an RS232 cable.

The biggest risk you face is that someone creates an attack that CORRECTLY uses the registers you programmed in the PLC but instead makes the PLC do something you didn't intend. This means that the comms messages that the PLC received over Modbus were all absolutely valid. Hence there is no way for the PLC itself to "protect" you from that attack.

Your protection MUST be on the devices that are connected to the PLC. That means you have to protect the SCADA, GSM modems and HMI from attack. By the time an attacker gets to the Modbus serial port it's too late. The PLC can't protect you.

Rob Lyon   

answered 7 days ago
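
One way to apply the answer's advice on a device in front of the PLC, as an added example that is not part of the original thread or any ABB product: a request filter for Modbus RTU frames that checks the CRC, rejects every function code except reads and register writes (so the read/write file functions raised in the comments never reach the serial port), and bounds the values of permitted writes. The register numbers, value ranges and the idea of running this on a gateway are assumptions for illustration.

```python
import struct

READ_FUNCS = {0x01, 0x02, 0x03, 0x04}
# Hypothetical policy: registers a remote client may write, with allowed values.
WRITABLE = {100: (0, 500), 101: (0, 100)}

def crc16(data: bytes) -> int:
    """CRC-16/MODBUS: initial value 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def frame(unit: int, func: int, payload: bytes) -> bytes:
    # Build an RTU request; the CRC goes on the wire low byte first.
    body = bytes([unit, func]) + payload
    return body + struct.pack("<H", crc16(body))

def check(raw: bytes) -> str:
    """Return 'allow' or 'deny: <reason>' for one RTU request frame."""
    if len(raw) < 4 or struct.unpack("<H", raw[-2:])[0] != crc16(raw[:-2]):
        return "deny: short frame or bad CRC"
    func, data = raw[1], raw[2:-2]
    if func in READ_FUNCS:
        return "allow"
    if func == 0x06 and len(data) == 4:        # Write Single Register
        start, words = struct.unpack(">H", data[:2])[0], data[2:]
    elif func == 0x10 and len(data) >= 5:      # Write Multiple Registers
        start, qty, nbytes = struct.unpack(">HHB", data[:5])
        words = data[5:]
        if qty == 0 or nbytes != 2 * qty or len(words) != nbytes:
            return "deny: malformed write"
    else:                                      # includes file records 0x14/0x15
        return f"deny: function 0x{func:02X} rejected"
    for i in range(0, len(words), 2):
        reg, val = start + i // 2, int.from_bytes(words[i:i + 2], "big")
        lo, hi = WRITABLE.get(reg, (1, 0))     # unlisted register: empty range
        if not lo <= val <= hi:
            return f"deny: write of {val} to register {reg}"
    return "allow"

# Constructed sample requests to unit 1 (not captured traffic).
SAMPLES = {
    "setpoint in range": frame(1, 0x06, struct.pack(">HH", 100, 250)),
    "setpoint too high": frame(1, 0x06, struct.pack(">HH", 100, 9000)),
    "write file record": frame(1, 0x15, b"\x00"),
}
if __name__ == "__main__":
    print({name: check(raw) for name, raw in SAMPLES.items()})
```

A write that stays inside the permitted registers and ranges still passes, so the filter narrows what a compromised remote device can request but does not replace protecting the SCADA, modem and HMI themselves.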


 

