To facilitate interoperability in modern networks, the Modbus Application Protocol (MBAP) header is layered onto the TCP/IP stack at the application layer in both the OSI and Advanced Research Projects Agency (ARPA) models. This creates a cybersecurity situation in which an insecure protocol uses an insecure transport mechanism to perform mission-critical and vital operations.

The TCP/IP Modbus payloads provide enough intelligence to analyze the traffic. It is also easy to create a list of Modbus-aware field controllers, which attackers can leverage. In addition, no authentication or authorization is required to communicate with a Modbus device. The default port that Modbus/TCP uses is 502. The original performance requirements, which have been ported over to new transport mechanisms, did not take into consideration the impact of non-structured data on delicate field controllers.
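To show how much a passive monitor on port 502 can read from a single frame, the following added example (not from the original page) parses the MBAP header and flags malformed frames and unauthenticated write requests. The field layout and function codes follow the public Modbus specification; the function name `inspect_adu` and the sample frames are constructed for illustration.

```python
import struct

# Function codes from the public Modbus application protocol specification.
READS = {1: "Read Coils", 2: "Read Discrete Inputs",
         3: "Read Holding Registers", 4: "Read Input Registers"}
WRITES = {5: "Write Single Coil", 6: "Write Single Register",
          15: "Write Multiple Coils", 16: "Write Multiple Registers"}
MAX_ADU = 260  # 7-byte MBAP header + 253-byte PDU


def inspect_adu(frame: bytes) -> dict:
    """Parse one Modbus/TCP frame and report what a passive monitor can see."""
    if len(frame) < 8:  # MBAP header (7 bytes) plus a function code
        return {"malformed": ["truncated frame"], "is_write": False}
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    func = frame[7]
    malformed = []
    if proto != 0:
        malformed.append("protocol id is not 0")
    # The length field counts the unit id and PDU: everything after byte 6.
    if length != len(frame) - 6:
        malformed.append("length field does not match frame size")
    if len(frame) > MAX_ADU:
        malformed.append("frame exceeds maximum ADU size")
    if func & 0x80:
        name = "Exception response"
    else:
        name = READS.get(func) or WRITES.get(func) or "Other function"
    return {"transaction_id": tid, "unit_id": unit, "function": func,
            "name": name, "malformed": malformed,
            "is_write": func in WRITES}


if __name__ == "__main__":
    # Constructed sample frames (not captured traffic).
    samples = [
        bytes.fromhex("000100000006010300000002"),  # read 2 holding registers
        bytes.fromhex("000200000006010600010005"),  # write single register
        bytes.fromhex("0003000000ff010300000002"),  # length field lies
    ]
    for s in samples:
        print(inspect_adu(s))
```

Because the protocol carries no credentials, `is_write` marks every state-changing request as one the device will accept from any peer that can reach it; a monitor would typically alert on such requests from hosts outside an allow-list, and on any frame with a non-empty `malformed` list.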
