Internet-facing industrial control devices connected to the default Modbus port, commonly used by power grids and other industrial systems, reached 179 across 20 countries despite the protocol's absence of encryption and authentication, indicating a significant risk to critical infrastructure entities, Cybernews reports.Most of the exposed ICS devices were in the U.S., followed by Sweden and Turkey, with one of the devices discovered to be included in a national railway network and a pair of devices found to be included in the power grid infrastructure of an Asian and a European country, according to Comparitech researchers. Schneider accounted for most of the devices that touted their manufacturer, followed by Data Electronics and ABB Stotz-Kontakt."Even if a device isn't obviously linked to a particular manufacturer, attackers may make an educated guess as to what its registers relate to, particularly if they monitor how they change over time. Because Modbus doesn't require authentication, an attacker could potentially write to, as well as read from, the holding registers," said researchers.
ICS/SCADA, Critical Infrastructure Security
Internet-exposed Modbus ICS devices threaten critical infrastructure

(Adobe Stock)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



