Detections
Analytics

MODBUS Server Diagnostic Mode (SCADA) (deprecated)

medium Nessus Network Monitor Plugin ID 3849

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote server is running the MODBUS protocol. This protocol is common on SCADA or process control networks. In addition, the PLC is running with 'Diagnostics' enabled. This is very dangerous, as it can give attackers information that can be used to exploit the machine.

Solution

Only allow diagnostic sessions from trusted clients.

See Also

http://www.modbus-ida.org

Plugin Details

Severity: Medium

ID: 3849

Family: SCADA

Published: 2/26/2014

Updated: 6/1/2015

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N