ICS/SCADA, Critical Infrastructure Security

Internet-exposed Modbus ICS devices threaten critical infrastructure

dusk view of electricity grid infrastructure emphasizing the critical protection needed for power transmission and distribution systems to ensure a reliable energy network

Internet-facing industrial control devices connected to the default Modbus port, commonly used by power grids and other industrial systems, reached 179 across 20 countries despite the protocol's absence of encryption and authentication, indicating a significant risk to critical infrastructure entities, Cybernews reports.

Most of the exposed ICS devices were in the U.S., followed by Sweden and Turkey, with one of the devices discovered to be included in a national railway network and a pair of devices found to be included in the power grid infrastructure of an Asian and a European country, according to Comparitech researchers. Schneider accounted for most of the devices that touted their manufacturer, followed by Data Electronics and ABB Stotz-Kontakt.

"Even if a device isn't obviously linked to a particular manufacturer, attackers may make an educated guess as to what its registers relate to, particularly if they monitor how they change over time. Because Modbus doesn't require authentication, an attacker could potentially write to, as well as read from, the holding registers," said researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds