killchain-compendium/Reverse Engineering/Scada.md

Supervisory Control and Data Acquisition (SCADA)

  • SCADA works as an aggregation of the following systems:

    • Programmable Logic Controllers (PLC): monitor sensors and control devices.
    • Remote Terminal Units (RTU): used for wide-area telemetry.
    • Human Machine Interface (HMI): supervisory control through an operator; interaction via human user input.
    • Communication network
  • Security is not a first-class citizen in these systems.

Modbus

  • Developed by Modicon
  • Master/slave; the slave has an 8-bit address.
  • RS-485 connector
  • Data registers are 16 bit:
    • Input register, 16 bit, read-only
    • Holding register, 16 bit, read/write
    • Coil, 1 bit, read/write
    • Discrete input, 1 bit, read-only

Function Codes

  • Modbus101
  • RTU request carried inside TCP segments, port 502
  • 1 Read Coil
  • 2 Read Discrete Input
  • 3 Read Holding Registers
  • 4 Read Input Registers
  • 5 Write Single Coil
  • 6 Write Single Holding Register
  • 15 Write Multiple Coils
  • 16 Write Multiple Holding Registers
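The register model and function-code table above, as an added example that is not part of the compendium: a small Python decoder for Modbus/TCP request frames that names the function code from the table and flags the write requests (5, 6, 15, 16), which is what a defender watching port 502 traffic usually wants surfaced first. It assumes the standard Modbus/TCP MBAP header layout (transaction id, protocol id, length, unit id, then the PDU); the sample frames are constructed for illustration, not captured from any real system.

```python
"""Decode Modbus/TCP requests and flag writes. Added example, not from the
original note; frames below are constructed, not captured."""
import struct

# Function codes exactly as listed in the note above
FUNCTION_CODES = {
    1: "Read Coil",
    2: "Read Discrete Input",
    3: "Read Holding Registers",
    4: "Read Input Registers",
    5: "Write Single Coil",
    6: "Write Single Holding Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Holding Registers",
}
WRITE_CODES = {5, 6, 15, 16}


def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse one Modbus/TCP request: 7-byte MBAP header followed by the PDU.

    MBAP (assumed standard layout): transaction id (2), protocol id (2, 0 = Modbus),
    length (2, bytes that follow it), unit id (1, the 8-bit slave address).
    The PDU starts with the function code.
    """
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header + function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"unexpected protocol id {pid}")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    fc = frame[7]
    data = frame[8:]
    info = {
        "transaction_id": tid,
        "unit_id": unit,
        "function_code": fc,
        "function": FUNCTION_CODES.get(fc, "unknown/vendor-specific"),
        "is_write": fc in WRITE_CODES,
    }
    # Codes 1-6 carry a 16-bit start address and a 16-bit quantity (reads) or value (writes)
    if fc in (1, 2, 3, 4, 5, 6) and len(data) >= 4:
        addr, val = struct.unpack(">HH", data[:4])
        info["address"] = addr
        info["quantity_or_value"] = val
    # Codes 15/16 carry address, quantity, byte count, then the payload bytes
    elif fc in (15, 16) and len(data) >= 5:
        addr, qty, bytecount = struct.unpack(">HHB", data[:5])
        info["address"] = addr
        info["quantity"] = qty
        info["payload"] = data[5:5 + bytecount]
    return info


def flag_writes(frames):
    """Return (unit_id, function name, start address) for every write request."""
    alerts = []
    for f in frames:
        p = parse_modbus_tcp(f)
        if p["is_write"]:
            alerts.append((p["unit_id"], p["function"], p.get("address")))
    return alerts


# Constructed sample frames (hex); whitespace is only for readability
SAMPLE_FRAMES = [
    bytes.fromhex("0001 0000 0006 01 03 0000 000a".replace(" ", "")),       # read 10 holding regs, unit 1
    bytes.fromhex("0002 0000 0006 01 05 0013 ff00".replace(" ", "")),       # write single coil 0x13 ON, unit 1
    bytes.fromhex("0003 0000 0009 02 10 0001 0001 02 0102".replace(" ", "")),  # write 1 holding reg, unit 2
]

if __name__ == "__main__":
    for unit, name, addr in flag_writes(SAMPLE_FRAMES):
        print(f"WRITE to unit {unit}: {name} at address {addr}")
```

The length check matters in practice: a frame whose MBAP length disagrees with the bytes actually on the wire is either a fragment or malformed, and a monitor should log it rather than guess at the function code.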