Modbus

Modbus是一种串行通信协议,是Modicon于1979年,为使用可编程逻辑控制器(PLC)而发表的。MODBUS是工业领域通信协议的业界标准,并且现在是工业电子设备之间相当常用的连接方式。Modbus比其他通信协议使用的更广泛的主要原因有:
1、公开发表并且无版税要求
2、相对容易的工业网络部署
3、对供应商来说,修改移动原生的位元或字节没有很多限制
Modbus允许多个设备连接在同一个网络上进行通信,举个例子,一个由测量温度和湿度的装置,并且将结果发送给计算机。在数据采集与监视控制系统(SCADA)中,Modbus通常用来连接监控计算机和remote terminal unit (RTU)。

协议版本

Modbus协议目前存在用于串口、以太网以及其他支持互联网协议的网络的版本。
大多数Modbus设备通信通过串口EIA-485物理层进行。
对于串行连接,存在两个变种,它们在数值数据表示不同和协议细节上略有不同。Modbus RTU是一种紧凑的,采用二进制表示数据的方式,Modbus ASCII是一种人类可读的,冗长的表示方式。这两个变种都使用串行通讯(serial communication)方式。RTU格式后续的命令、数据带有循环冗余校验的校验和,而ASCII格式采用纵向冗余校验的校验和。被配置为RTU变种的节点不会和设置为ASCII变种的节点通信,反之亦然。
对于通过TCP/IP(例如以太网)的连接,存在多个Modbus/TCP变种,这种方式不需要校验和的计算。
对于所有的这三种通信协议在数据模型和功能调用上都是相同的,只有封装方式是不同的。
Modbus 有一个扩展版本 Modbus Plus(Modbus+或者MB+),不过此协定是Modicon专有的,和 Modbus不同。它需要一个专门的协处理器来处理类似HDLC的高速令牌旋转。它使用1Mbit/s的双绞线,并且每个节点都有转换隔离装置,是一种采用转换/边缘触发而不是电压、水平触发的装置。连接Modbus Plus到计算机需要特别的接口,通常是支持ISA(SA85),PCI或者PCMCIA总线的板卡。
通信和设备
Modbus协议是一个 master/slave 架构的协议。有一个节点是 master 节点,其他使用Modbus协议参与通信的节点是 slave 节点。每一个 slave 设备都有一个唯一的地址。在串行和MB+网络中,只有被指定为主节点的节点可以启动一个命令(在以太网上,任何一个设备都能发送一个Modbus命令,但是通常也只有一个主节点设备启动指令)。
一个ModBus命令包含了打算执行的设备的Modbus地址。所有设备都会收到命令,但只有指定位置的设备会执行及回应指令(地址 0例外,指定地址 0 的指令是广播指令,所有收到指令的设备都会执行,不过不回应指令)。所有的Modbus命令包含了检查码,以确定到达的命令没有被破坏。基本的ModBus命令能指令一个RTU改变它的寄存器的某个值,控制或者读取一个I/O端口,以及指挥设备回送一个或者多个其寄存器中的数据。
有许多modems和网关支持Modbus协议,因为Modbus协议很简单而且容易复制。它们当中一些为这个协议特别设计的。有使用有线、无线通信甚至短消息和GPRS的不同实现。不过设计者需要克服一些包括高延迟和时序的问题。

实现

几乎所有的实现都是官方标准的某种变体。不同的供应商设备之间可能无法正确的通信。一些主要的变化有:
数据类型
IEEE标准的浮点数
32 位整型数
8位数据
混合数据类型
整数中的位域
multipliers to change data to/from integer. 10, 100, 1000, 256 …
协议扩展
16位元的从站地址
32位的数据大小(1个地址 = 返回32位数据)
字交换数据

限制

Modbus是在1970年末为可编程逻辑控制器通信开发的,这些有限的数据类型在那个时代是可以被PLC理解的,大型二进制对象数据是不支持的。
对节点而言,没有一个标准的方法找到数据对象的描述信息,举个例子,确定一个寄存器数据是否表示一个介于30-175度之间的温度。
由于Modbus是一个主/从协议,没有办法要求设备“报告异常”(构建在以太网的TCP/IP协议之上,被称为open-mbus除外)- 主节点必须循环的询问每个节点设备,并查找数据中的变化。在带宽可能比较宝贵的应用中,这种方式在应用中消耗带宽和网络时间,例如在低速率的无线链路上。
Modbus在一个数据链路上只能处理247个地址,这种情况限制了可以连接到主控站点的设备数量(再一次指出以太网TCP/IP除外)
Modbus传输在远端通讯设备之间缓冲数据的方式进行,有对通信一定是连续的限制,避免了传输中的缓冲区漏洞的问题

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

最新工业控制系统漏洞

ICS-CERT Advisory Feed
Philips PageWriter TC10, TC20, TC30, TC50, and TC70 Cardiographs

This medical device advisory includes mitigation recommendations for improper input validation and use of hard-coded credentials vulnerabilities in Ph. . . read more Thu, 16 Aug 2018 10:10:15 EDT

Emerson DeltaV DCS Workstations

This advisory includes mitigation recommendations for uncontrolled search path element, relative path traversal, improper privilege management, and st. . . read more Thu, 16 Aug 2018 10:05:11 EDT

Tridium Niagara

This advisory was originally posted to the HSIN ICS-CERT library on July 10, 2018, and is being released to the NCCIC/ICS-CERT website. This advisory. . . read more Thu, 16 Aug 2018 10:00:55 EDT

Philips IntelliSpace Cardiovascular Vulnerabilities

This medical advisory includes mitigation recommendations for improper privilege management and unquoted search path vulnerabilities in Philips'. . . read more Tue, 14 Aug 2018 10:15:11 EDT

Siemens SIMATIC STEP 7 and SIMATIC WinCC

This advisory includes mitigation recommendations for incorrect default permissions vulnerabilities in Siemens' STEP 7 and SIMATIC WinCC TIA Port. . . read more Tue, 14 Aug 2018 10:10:11 EDT

Siemens OpenSSL Vulnerability in Industrial Products

This advisory includes mitigations for OpenSSL vulnerabilities reported in various Siemens industrial products.. . . read more Tue, 14 Aug 2018 10:05:47 EDT

Siemens Automation License Manager

This advisory includes mitigation recommendations for relative path traversal and improper input validation vulnerabilities in Siemens' Automatio. . . read more Tue, 14 Aug 2018 10:00:11 EDT

Crestron TSW-X60 and MC3

This advisory includes mitigation recommendations for OS command injection, improper access control, and insufficiently protected credentials vulnerab. . . read more Thu, 09 Aug 2018 10:05:01 EDT

NetComm Wireless 4G LTE Light Industrial M2M Router

This advisory includes mitigation recommendations for information exposure, cross-site forgery, cross-site scripting, and information exposure through. . . read more Thu, 09 Aug 2018 10:00:01 EDT

Medtronic MyCareLink 24950 Patient Monitor

This medical device advisory includes mitigation recommendations for insufficient verification of data authenticity and storing passwords in a recover. . . read more Tue, 07 Aug 2018 10:10:31 EDT

Medtronic MiniMed 508 Insulin Pump

This medical device advisory includes mitigation recommendations for cleartext transmission of sensitive information and authentication bypass by capt. . . read more Tue, 07 Aug 2018 10:05:37 EDT

Delta Electronics CNCSoft and ScreenEditor

This advisory includes mitigation recommendations for stack-based buffer overflow and out-of-bounds read vulnerabilities in Delta Electronics' CN. . . read more Tue, 07 Aug 2018 10:00:01 EDT

Davolink DVW-3200N

This advisory includes mitigation recommendations for a use of password hash with insufficient computational effort vulnerability in the Davolink DVW-. . . read more Tue, 31 Jul 2018 10:20:41 EDT

Johnson Controls Metasys and BCPro

This advisory includes mitigation recommendations for an information exposure through an error message vulnerability in Johnson Controls' Metasys. . . read more Tue, 31 Jul 2018 10:15:01 EDT

WECON LeviStudioU

This advisory includes mitigation recommendations for stack-based buffer overflow and heap-based buffer overflow vulnerabilities in WECON's LeviS. . . read more Tue, 31 Jul 2018 10:10:01 EDT

AVEVA InTouch Access Anywhere

This advisory includes mitigation recommendations for a cross-site scripting vulnerability in the outdated and insecure third-party jQuery library use. . . read more Tue, 31 Jul 2018 10:05:20 EDT

AVEVA Wonderware License Server

This advisory includes mitigation recommendations for an improper restriction of operations within the bounds of a memory buffer vulnerability in the. . . read more Tue, 31 Jul 2018 10:00:30 EDT

AVEVA InduSoft Web Studio and InTouch Machine Edition

This advisory includes mitigation recommendations for a stack-based buffer overflow vulnerability in AVEVA's InduSoft Web Studio and InTouch Mach. . . read more Thu, 19 Jul 2018 10:15:17 EDT

AVEVA InTouch

This advisory includes mitigation recommendations for a stack-based buffer overflow vulnerability in AVEVA's InTouch HMI software.. . . read more Thu, 19 Jul 2018 10:10:01 EDT

Echelon SmartServer 1, SmartServer 2, SmartServer 3, i.LON 100, i.LON 600

This advisory includes mitigation recommendations for information exposure, authentication bypass using an alternate path or channel, unprotected stor. . . read more Thu, 19 Jul 2018 10:05:16 EDT