killchain-compendium/Reverse Engineering/Scada.md

# Supervisory Control and Data Acquisition (SCADA)
* SCADA works as an aggregation of the following systems:
  * __Programmable Logic Controllers (PLC)__, monitoring sensors and controlling devices.
  * __Remote Terminal Unit (RTU)__, used for wide-area telemetry.
  * __Human Machine Interface (HMI)__, the operator's supervisory view; interaction through human user input.
  * __Communication network__
* Security is not a first-class citizen in these systems.
## Modbus
* Developed by Modicon
* Master/slave; the slave has an 8-bit address.
* RS-485 connector
* Data registers are 16 bit; the four data types are:
  * Input register: 16 bit, read-only
  * Holding register: 16 bit, read/write
  * Coil: 1 bit, read/write
  * Discrete input: 1 bit, read-only
### Function Codes
* Reference: [Modbus101](https://www.csimn.com/CSI_pages/Modbus101.html)
* Modbus/TCP carries the RTU-style request inside TCP segments on port 502.
* 1 __Read Coil__
* 2 __Read Discrete Input__
* 3 __Read Holding Registers__
* 4 __Read Input Registers__
* 5 __Write Single Coil__
* 6 __Write Single Holding Register__
* 15 __Write Multiple Coils__
* 16 __Write Multiple Holding Registers__
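Added example (not from the compendium): a decoder for the Modbus/TCP and RTU framing and the eight function codes listed above, mapping each code to the register class it touches and whether it writes, plus a detection rule that flags write requests from any host other than an approved HMI. The MBAP header layout (transaction id, protocol id, length, unit id) and CRC-16/MODBUS are standard Modbus; the IP addresses, the approved-writer list and all frames are constructed for the example.

```python
"""Decode Modbus/TCP and Modbus RTU requests and flag unexpected writes."""
from __future__ import annotations
import struct
from dataclasses import dataclass
from typing import Iterable

# The eight function codes from the page: (name, register class, is_write).
FUNCTION_CODES = {
    1: ("Read Coils", "coil", False),
    2: ("Read Discrete Inputs", "discrete input", False),
    3: ("Read Holding Registers", "holding register", False),
    4: ("Read Input Registers", "input register", False),
    5: ("Write Single Coil", "coil", True),
    6: ("Write Single Holding Register", "holding register", True),
    15: ("Write Multiple Coils", "coil", True),
    16: ("Write Multiple Holding Registers", "holding register", True),
}


@dataclass
class ModbusRequest:
    unit_id: int          # 8-bit slave/unit address
    function_code: int
    name: str
    register_class: str
    is_write: bool
    start_address: int
    count_or_value: int   # quantity for reads/multi-writes, value for single writes


def decode_pdu(unit_id: int, pdu: bytes) -> ModbusRequest:
    """Decode a request PDU (function code + data); shared by TCP and RTU framing."""
    if len(pdu) < 5:
        raise ValueError("PDU too short for function code, address and quantity/value")
    fc = pdu[0]
    if fc not in FUNCTION_CODES:
        raise ValueError(f"function code {fc} not in the decoder's table")
    name, reg_class, is_write = FUNCTION_CODES[fc]
    # All eight codes start their data field with a 16-bit address followed by
    # either a quantity (1-4, 15, 16) or the value to write (5, 6).
    start, count_or_value = struct.unpack(">HH", pdu[1:5])
    return ModbusRequest(unit_id, fc, name, reg_class, is_write, start, count_or_value)


def parse_modbus_tcp(adu: bytes) -> ModbusRequest:
    """Modbus/TCP ADU: 7-byte MBAP header (transaction id, protocol id, length,
    unit id) followed by the PDU. The length field counts unit id + PDU."""
    if len(adu) < 8:
        raise ValueError("ADU too short for MBAP header")
    _tid, proto, length, unit = struct.unpack(">HHHB", adu[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus (0)")
    if length != len(adu) - 6:
        raise ValueError(f"MBAP length {length} disagrees with frame ({len(adu) - 6})")
    return decode_pdu(unit, adu[7:])


def modbus_crc16(data: bytes) -> int:
    """CRC-16/MODBUS (reflected poly 0xA001, init 0xFFFF) used by RTU framing."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def parse_modbus_rtu(frame: bytes) -> ModbusRequest:
    """Modbus RTU frame: 8-bit address, PDU, CRC-16 appended low byte first."""
    if len(frame) < 4:
        raise ValueError("RTU frame too short")
    body, crc_bytes = frame[:-2], frame[-2:]
    if modbus_crc16(body) != int.from_bytes(crc_bytes, "little"):
        raise ValueError("RTU CRC mismatch")
    return decode_pdu(body[0], body[1:])


def flag_unexpected_writes(frames: Iterable[tuple[str, bytes]],
                           allowed_writers: set[str]) -> list[str]:
    """One alert per write request whose source is not an approved writer (e.g. the
    HMI). Writes change process state, so they deserve tighter monitoring than reads."""
    alerts = []
    for src, adu in frames:
        req = parse_modbus_tcp(adu)
        if req.is_write and src not in allowed_writers:
            alerts.append(f"{src} -> unit {req.unit_id}: {req.name} (FC {req.function_code}) "
                          f"at {req.register_class} {req.start_address:#06x}")
    return alerts


# Constructed sample traffic (not captured from a real network).
READ_HOLDING = b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x0a"          # FC3, 10 regs from 0
WRITE_COIL = b"\x00\x02\x00\x00\x00\x06\x01\x05\x00\x13\xff\x00"            # FC5, coil 0x13 ON
WRITE_MULTI = b"\x00\x03\x00\x00\x00\x0b\x01\x10\x00\x01\x00\x02\x04\x00\x0a\x01\x02"  # FC16
RTU_READ = b"\x01\x03\x00\x00\x00\x0a\xc5\xcd"   # same read as READ_HOLDING, RTU framed with CRC
HMI = "10.0.0.10"  # hypothetical approved HMI address
SAMPLE_FRAMES = [(HMI, READ_HOLDING), (HMI, WRITE_COIL), ("10.0.0.99", WRITE_MULTI)]

if __name__ == "__main__":
    for alert in flag_unexpected_writes(SAMPLE_FRAMES, {HMI}):
        print("ALERT:", alert)
```

The write from the HMI passes silently while the FC 16 write from the unapproved host produces an alert; the same per-source allowlist is the simplest useful rule for a Modbus network, since the protocol itself carries no authentication to key on.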