Modbus
What is Modbus?
A simple, openly documented industrial protocol for polling registers and coils on PLCs, RTUs, and field devices, available over serial (RTU/ASCII) and TCP.
Modbus is one of the oldest and most widely deployed industrial protocols; it was created by Modicon in 1979 and is now maintained by the Modbus Organization. A client reads or writes coils, discrete inputs, and 16-bit holding and input registers on a server using numbered function codes, either over RS-485/RS-232 (Modbus RTU/ASCII) or over TCP port 502 (Modbus TCP). Modbus has no authentication, integrity protection, or encryption: anyone with network access can read process values, write set-points, or send a broadcast that stops devices. Defences include strict network segmentation, dedicated gateways, deep-packet-inspection firewalls that understand Modbus function codes, Modbus/TCP Security (a TLS-based profile), and migrating new designs to authenticated protocols such as OPC UA.
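The lack of authentication described above is why OT monitoring usually has to be done at the network layer: the only thing a defender can inspect is the frame itself. The following added example (not part of this glossary entry or of any Modbus Organization code) decodes the Modbus TCP framing, the 7-byte MBAP header followed by a function-code PDU, and runs a simple detection rule over constructed sample traffic, flagging write and diagnostic requests from hosts that are not on an allowlist and any write addressed to the broadcast unit identifier 0. The HMI address, the source IPs, and the register values are all assumptions made up for the sample.

```python
import struct
from typing import Dict, Iterable, List, Tuple

# Public Modbus function codes relevant to a monitoring rule (subset of the
# Modbus Application Protocol spec); names are used only for readable alerts.
FUNCTION_NAMES: Dict[int, str] = {
    1: "Read Coils",
    2: "Read Discrete Inputs",
    3: "Read Holding Registers",
    4: "Read Input Registers",
    5: "Write Single Coil",
    6: "Write Single Register",
    8: "Diagnostics",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    23: "Read/Write Multiple Registers",
}
WRITE_CODES = {5, 6, 15, 16, 23}
BROADCAST_UNIT = 0  # unit id 0 is the serial broadcast address: every device acts, none replies


def build_request(tid: int, unit: int, fc: int, payload: bytes) -> bytes:
    """Assemble a Modbus TCP ADU (MBAP header + PDU). Used here only to
    construct sample traffic for the audit below."""
    pdu = bytes([fc]) + payload
    # MBAP: transaction id, protocol id (always 0), length of unit id + PDU, unit id
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def parse_adu(frame: bytes) -> dict:
    """Decode the MBAP header and split off the PDU, validating the length field."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"protocol id {pid} is not Modbus")
    # The length field counts the unit id and the PDU, i.e. everything after itself.
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} does not match {len(frame) - 6} bytes present")
    fc = frame[7]
    return {"tid": tid, "unit": unit, "fc": fc, "data": frame[8:], "exception": bool(fc & 0x80)}


def describe(parsed: dict) -> str:
    """Render the request fields an analyst would want to see in an alert."""
    fc, data = parsed["fc"], parsed["data"]
    name = FUNCTION_NAMES.get(fc, f"FC {fc}")
    if fc in (1, 2, 3, 4) and len(data) >= 4:
        addr, qty = struct.unpack(">HH", data[:4])
        return f"{name} start={addr} count={qty}"
    if fc in (5, 6) and len(data) >= 4:
        addr, value = struct.unpack(">HH", data[:4])
        return f"{name} addr={addr} value=0x{value:04X}"
    if fc in (15, 16) and len(data) >= 5:
        addr, qty, nbytes = struct.unpack(">HHB", data[:5])
        return f"{name} start={addr} count={qty} bytes={nbytes}"
    return name


def audit(traffic: Iterable[Tuple[str, bytes]], allowed_writers: set) -> List[str]:
    """Flag write and diagnostic requests from hosts outside the writer allowlist,
    and any broadcast write regardless of source."""
    alerts: List[str] = []
    for src, frame in traffic:
        p = parse_adu(frame)
        what = describe(p)
        if p["fc"] in WRITE_CODES and src not in allowed_writers:
            alerts.append(f"{src}: unauthorised write to unit {p['unit']}: {what}")
        if p["fc"] in WRITE_CODES and p["unit"] == BROADCAST_UNIT:
            alerts.append(f"{src}: broadcast write (unit 0): {what}")
        if p["fc"] == 8 and src not in allowed_writers:
            alerts.append(f"{src}: diagnostics request to unit {p['unit']}")
    return alerts


# Constructed sample traffic as (source IP, ADU); the HMI address is an assumption.
HMI = "10.10.1.5"
SAMPLE_TRAFFIC = [
    (HMI, build_request(1, 1, 3, struct.pack(">HH", 0, 10))),                # HMI polls 10 registers
    (HMI, build_request(2, 1, 6, struct.pack(">HH", 16, 100))),              # operator set-point
    ("10.10.1.77", build_request(3, 1, 6, struct.pack(">HH", 16, 0))),       # unknown host writes
    ("10.10.1.77", build_request(4, 0, 5, struct.pack(">HH", 3, 0xFF00))),   # broadcast coil write
]

if __name__ == "__main__":
    for line in audit(SAMPLE_TRAFFIC, {HMI}):
        print(line)
```

In a real deployment the same rule would be fed from a port-502 capture or a DPI firewall's decoded log rather than from constructed frames; the point is that the allowlist and the broadcast check are the only things standing between a read-only observer and a device that will accept any well-formed write.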
● Examples
- An HMI polling tank levels and pump status from PLCs over Modbus TCP on port 502.
- A serial Modbus RTU link from a meter to a remote RTU in a substation.
● Frequently asked questions
What is Modbus?
A simple, openly documented industrial protocol for polling registers and coils on PLCs, RTUs, and field devices, available over serial (RTU/ASCII) and TCP. It belongs to the OT / ICS / IoT category of cybersecurity.
What does Modbus mean?
A simple, openly documented industrial protocol for polling registers and coils on PLCs, RTUs, and field devices, available over serial (RTU/ASCII) and TCP.
How does Modbus work?
Modbus is one of the oldest and most widely deployed industrial protocols; it was created by Modicon in 1979 and is now maintained by the Modbus Organization. A client reads or writes coils, discrete inputs, and 16-bit holding and input registers on a server using numbered function codes, either over RS-485/RS-232 (Modbus RTU/ASCII) or over TCP port 502 (Modbus TCP). Modbus has no authentication, integrity protection, or encryption: anyone with network access can read process values, write set-points, or send a broadcast that stops devices. Defences include strict network segmentation, dedicated gateways, deep-packet-inspection firewalls that understand Modbus function codes, Modbus/TCP Security (a TLS-based profile), and migrating new designs to authenticated protocols such as OPC UA.
How do you defend a Modbus deployment?
Defences for Modbus combine technical controls (segmentation, dedicated gateways, deep-packet-inspection firewalls, Modbus/TCP Security) with operational practices, as detailed in the full definition above.
What are other names for Modbus?
Common alternative names include: Modbus RTU, Modbus TCP, Modbus/TCP.
● Related terms
- Programmable Logic Controller (PLC)
A ruggedized industrial computer that executes deterministic control logic to read sensors and drive actuators in real-time processes.
- SCADA
Supervisory Control and Data Acquisition systems that gather telemetry from remote field devices and let operators monitor and command large industrial processes.
- Industrial Control System (ICS)
An umbrella term for systems that automate and supervise industrial processes, including SCADA, DCS, PLCs, RTUs, and safety controllers.
- OPC UA
OPC Unified Architecture, a service-oriented industrial protocol with built-in authentication and encryption used to exchange semantic data across OT and IT systems.
- DNP3
Distributed Network Protocol 3, an event-driven ICS protocol used in electric utilities, water, and oil & gas to communicate between SCADA masters and remote outstations.
- IEC 62443
The IEC family of standards for the cybersecurity of industrial automation and control systems, addressing asset owners, integrators, and product suppliers.
● See also
- PROFINET