Modbus/TCP Coil Access

Medium Nessus Plugin ID 23817


Coils from a Modicon field device, such as a PLC, RTU, or IED, can be read using function code 1.


Using function code 1, Modbus can reads the coils in a Modbus slave, which is commonly used by SCADA and DCS field devices. Coils refer to the binary output settings and are typically mapped to actuators.
A sample of coil settings read from the device are provided by the plugin output.

The ability to read coils may help an attacker profile a system and identify ranges of registers to alter via a write coil message.


Restrict access to the Modbus port (TCP/502) to authorized Modbus clients.

See Also

Plugin Details

Severity: Medium

ID: 23817

File Name: scada_modbus_coil_check.nbin

Version: 1.57

Type: remote

Family: SCADA

Published: 2006/12/11

Updated: 2020/09/14

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3.0

Base Score: 9.1

Temporal Score: 8.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:W/RC:C