Wurldtech
On Shaky Ground - A Study of Security Vulnerabilities in Control Protocols

VI.B. MODBUS/TCP Write Grammar Test

The MODBUS/TCP Write grammar examines the DUT's behavior in response to valid and invalid write requests. The function codes tested are:

  • 05 Write Single Coil
  • 06 Write Single Register
  • 15 Write Multiple Coils
  • 16 Write Multiple Registers

              PLC M   PLC Q
Test cases    1384    1384
Passed        504     1040
Failed        880     344

Table 2: Write Grammar Test Observed Behavior

We now break down the failed tests by function code.

VI.B.I. Function Code 15

Both PLC Q and PLC M returned incorrect error codes under the following circumstances:

  • when the starting address, the quantity of outputs and the data were valid but the starting address + quantity of outputs was out of range
  • when the starting address and the quantity of outputs were valid but the starting address + quantity of outputs was out of range and the data byte length was not equal to the actual length of the data
  • when the starting address was invalid, the quantity of outputs was 0 and the data length was correct or incorrect
  • when the starting address was invalid, the quantity of outputs was non-zero and the data length was incorrect

VI.B.II. Function Code 16

PLC Q incorrectly reported an error when:

  • the starting address was valid and the starting address + quantity of registers was within range and the quantity of registers was 122 or 123 (limit is 123)

PLC Q returned incorrect error codes under the following circumstances:

  • when the starting address was valid and the quantity of registers was 122 or 123 and the starting address + quantity of registers was out of range and the data was valid

PLC M returned incorrect error codes under the following circumstances:

  • when the starting address was valid but the quantity of registers was zero
  • when the starting address and quantity of registers were valid and the starting address + quantity was within range but the actual data length and specified data length were not in agreement
  • when the starting address was valid and the quantity of registers was invalid and the starting address + quantity of registers was within range
  • when the starting address was valid and the quantity of registers was invalid and the actual data length and the specified data length were or were not in agreement
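
The conditions listed above for function codes 15 and 16 can be turned into a reference check that says which exception code a conforming server should return. This is an added example, not code from the original paper: the order of checks follows the state diagrams in the MODBUS Application Protocol specification (quantity and byte count first, giving exception 03, then address range, giving exception 02), while `TABLE_SIZE`, the function names, and the handling of a declared byte count that disagrees with the bytes actually present are assumptions.

```python
import struct

# Exception codes defined by the MODBUS Application Protocol specification.
ILLEGAL_DATA_ADDRESS, ILLEGAL_DATA_VALUE = 0x02, 0x03

# Function code -> (maximum quantity, byte count expected for a quantity).
LIMITS = {
    15: (0x07B0, lambda qty: (qty + 7) // 8),  # Write Multiple Coils
    16: (0x007B, lambda qty: qty * 2),         # Write Multiple Registers (limit 123)
}

TABLE_SIZE = 1000  # assumption: size of the coil/register table on the device


def expected_exception(pdu: bytes, table_size: int = TABLE_SIZE):
    """Return the exception code a conforming server should send, or None
    when the write request is valid and should be accepted."""
    if len(pdu) < 6 or pdu[0] not in LIMITS:
        raise ValueError("only complete FC 15 / FC 16 request PDUs are modelled")
    max_qty, byte_count_for = LIMITS[pdu[0]]
    start, qty, byte_count = struct.unpack(">HHB", pdu[1:6])
    data = pdu[6:]
    # Step 1: quantity and byte count are validated before any address check,
    # so an invalid address combined with a bad quantity still yields 03.
    if not 1 <= qty <= max_qty or byte_count != byte_count_for(qty):
        return ILLEGAL_DATA_VALUE
    # Assumption: a declared byte count that disagrees with the bytes actually
    # present is reported as 03 as well.
    if len(data) != byte_count:
        return ILLEGAL_DATA_VALUE
    # Step 2: the start address and start + quantity must fit in the table.
    if start >= table_size or start + qty > table_size:
        return ILLEGAL_DATA_ADDRESS
    return None


def write_pdu(fc, start, qty, data, byte_count=None):
    """Build a request PDU (constructed test input); byte_count can be
    overridden to produce a declared/actual length mismatch."""
    declared = len(data) if byte_count is None else byte_count
    return struct.pack(">BHHB", fc, start, qty, declared) + data


if __name__ == "__main__":
    # Constructed case: 123 registers within range must be accepted.
    print(expected_exception(write_pdu(16, 0, 123, bytes(246))))
```

Comparing a device's actual response against `expected_exception` for each generated request gives the pass/fail split that the table above summarises.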
