Modbus/TCP Coil Access

Medium Nessus Plugin ID 23817


Coils from a Modicon field device, such as a PLC, RTU, or IED, can be read using function code 1.


Using function code 1, Modbus can reads the coils in a Modbus slave, which is commonly used by SCADA and DCS field devices. Coils refer to the binary output settings and are typically mapped to actuators.
A sample of coil settings read from the device are provided by the plugin output.

The ability to read coils may help an attacker profile a system and identify ranges of registers to alter via a write coil message.


Restrict access to the Modbus port (TCP/502) to authorized Modbus clients.

See Also

Plugin Details

Severity: Medium

ID: 23817

File Name: scada_modbus_coil_check.nbin

Version: $Revision: 1.32 $

Type: remote

Family: SCADA

Published: 2006/12/11

Modified: 2018/01/29

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N