Modicon Modbus/TCP Programming Function Code Access (SCADA) (deprecated)

high Nessus Network Monitor Plugin ID 3852

Synopsis

The remote host is running an inherently insecure protocol or application.

Description

The proprietary Modbus/TCP function code 126 is active on this Modbus slave. An attacker who is able to gain network access to this device may be able to reprogram PLC logic or otherwise impact the integrity of the physical process.

Solution

Filter incoming traffic on this port to authorized Modbus TCP clients.

See Also

http://www.modbus-ida.org

Plugin Details

Severity: High

ID: 3852

Family: SCADA

Published: 2/26/2014

Updated: 6/1/2015

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P