Coils from a Modicon field device, such as a PLC, RTU, or IED, can be read using function code 1.
Using function code 1, Modbus can reads the coils in a Modbus slave, which is commonly used by SCADA and DCS field devices. Coils refer to the binary output settings and are typically mapped to actuators. A sample of coil settings read from the device are provided by the plugin output. The ability to read coils may help an attacker profile a system and identify ranges of registers to alter via a write coil message.
Restrict access to the Modbus port (TCP/502) to authorized Modbus clients.