On Shaky Ground - A Study of Security Vulnerabilities in Control Protocols
VI.A. MODBUS/TCP Read Grammar Test
The MODBUS/TCP Read grammar examines the DUT's behavior in response to valid and invalid read requests. The function codes tested are:
- 01 Read Coils
- 02 Read Discrete Inputs
- 03 Read Holding Registers
- 04 Read Input Registers
Table 1: Read Grammar Test Observed Behavior
We now break down the failed tests by function code.
VI.A.I. Function Codes 01 and 02
PLC Q and PLC M returned incorrect error codes when:
- the starting address and the quantity of outputs were each valid, but the starting address + quantity of outputs was out of range
- the starting address was invalid but the quantity of outputs was within range
VI.A.II. Function Code 03
PLC Q conformed to function code 03’s specification whereas PLC M returned incorrect error codes under the following circumstances:
- when the starting address was valid but the quantity of registers to read was set to zero
- when the starting address was valid but the quantity of registers was out of range
- when the starting address was invalid and the quantity of registers was 0 or out of range
VI.A.III. Function Code 04
PLC Q returned no error at all, while PLC M returned incorrect error codes, under the following erroneous circumstances:
- when the starting address and the quantity of registers were each valid, but the quantity of registers + starting address was out of range
- when the starting address was invalid but the quantity of registers was within range
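The cases listed in VI.A.I through VI.A.III all turn on the order of checks the MODBUS Application Protocol Specification (V1.1b) prescribes for a read request: an unsupported function code yields exception 01 (Illegal Function), a quantity outside the allowed range (1..2000 for coils and discrete inputs, 1..125 for registers) yields exception 03 (Illegal Data Value), and only then is the address range checked, yielding exception 02 (Illegal Data Address) when the starting address or starting address + quantity falls outside the data table. The following Python is an added example, not code from the paper or its test harness: a spec-based oracle that computes the exception code a conforming server must return for a read PDU, plus a verdict function that compares a captured response against it. The data-table sizes, the 5-byte PDU length rule, and all sample frames are constructed assumptions.

```python
import struct
from typing import Optional

# Exception codes defined by the MODBUS Application Protocol Specification V1.1b
ILLEGAL_FUNCTION = 0x01
ILLEGAL_DATA_ADDRESS = 0x02
ILLEGAL_DATA_VALUE = 0x03

# Maximum quantity per read request, per function code (spec sections 6.1-6.4)
MAX_QUANTITY = {
    0x01: 2000,  # Read Coils
    0x02: 2000,  # Read Discrete Inputs
    0x03: 125,   # Read Holding Registers
    0x04: 125,   # Read Input Registers
}

# Constructed device model (assumption): addressable size of each data table
TABLE_SIZE = {0x01: 1024, 0x02: 1024, 0x03: 512, 0x04: 512}

# MBAP header: transaction id, protocol id (0), length (unit id + PDU), unit id
MBAP = struct.Struct(">HHHB")


def expected_exception(pdu: bytes, table_size=TABLE_SIZE) -> Optional[int]:
    """Exception code a conforming server must return for a read PDU, or None
    if the request is valid. Checks run in the spec's order: function code,
    then data value (quantity), then data address."""
    if not pdu:
        return ILLEGAL_DATA_VALUE
    fc = pdu[0]
    if fc not in MAX_QUANTITY:
        return ILLEGAL_FUNCTION
    # Read PDUs are exactly fc + 2-byte start + 2-byte quantity; treating any
    # other length as an illegal data value is an assumption, not spec text.
    if len(pdu) != 5:
        return ILLEGAL_DATA_VALUE
    start, qty = struct.unpack(">HH", pdu[1:5])
    if not 1 <= qty <= MAX_QUANTITY[fc]:
        return ILLEGAL_DATA_VALUE
    size = table_size[fc]
    if start >= size or start + qty > size:
        return ILLEGAL_DATA_ADDRESS
    return None


def build_read_request(fc: int, start: int, qty: int, tid: int = 1, unit: int = 1) -> bytes:
    """Assemble a MODBUS/TCP ADU (MBAP header + read PDU)."""
    pdu = struct.pack(">BHH", fc, start, qty)
    return MBAP.pack(tid, 0, len(pdu) + 1, unit) + pdu


def build_exception_response(fc: int, code: int, tid: int = 1, unit: int = 1) -> bytes:
    """Assemble the exception response a server sends: fc | 0x80, then the code."""
    pdu = bytes([fc | 0x80, code])
    return MBAP.pack(tid, 0, len(pdu) + 1, unit) + pdu


def parse_adu(adu: bytes) -> bytes:
    """Validate the MBAP header and return the PDU it carries."""
    if len(adu) < MBAP.size + 1:
        raise ValueError("ADU too short")
    _tid, pid, length, _unit = MBAP.unpack_from(adu)
    pdu = adu[MBAP.size:]
    if pid != 0 or length != len(pdu) + 1:
        raise ValueError("malformed MBAP header")
    return pdu


def verdict(request_adu: bytes, response_adu: bytes) -> str:
    """Compare the DUT's response to what the spec requires for the request."""
    expected = expected_exception(parse_adu(request_adu))
    rsp = parse_adu(response_adu)
    observed = rsp[1] if rsp[0] & 0x80 else None  # None = normal response
    if observed == expected:
        return "PASS"
    return f"FAIL: expected {expected}, observed {observed}"


if __name__ == "__main__":
    # Constructed cases mirroring the paper's categories (expected code shown by the oracle)
    for fc, start, qty in [(0x03, 0, 0), (0x03, 0, 126), (0x01, 1000, 100), (0x04, 0xFFFF, 10)]:
        print(f"FC{fc:02X} start={start} qty={qty} -> exception {expected_exception(build_read_request(fc, start, qty)[7:])}")
    # A constructed DUT reply of exception 02 where the spec demands 03
    print(verdict(build_read_request(0x03, 0, 0), build_exception_response(0x03, ILLEGAL_DATA_ADDRESS)))
```

The oracle makes the paper's failure categories mechanical: "quantity zero" and "quantity out of range" must produce 03 regardless of the starting address, while "start + quantity beyond the table" must produce 02, and a normal response (as PLC Q gave for function code 04) is flagged because `observed` is `None` where a code was required.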