Modbus has been around since 1979. That's before the internet, before smartphones — before cybersecurity was even a concept.

And yet, it's still everywhere in industrial automation.

From PLCs to SCADA systems, power grids to water plants, Modbus is the silent workhorse that keeps industrial systems moving.

But here's the harsh truth: Modbus is wildly insecure.

What Is Modbus?

  • 🗓️ Developed in 1979 by Modicon (now Schneider Electric)
  • 📡 Designed for simple, serial communication between devices
  • 🌍 Still found in thousands of plants and facilities worldwide

You'll see it in:

  • ⚙️ Programmable Logic Controllers (PLCs)
  • 📈 SCADA control systems
  • 💡 Building automation networks
  • 🛢️ Oil & gas infrastructure
  • 🌊 Water treatment plants
  • ⚡ Power generation and distribution

It's legacy tech. But it's still online.

The Exposure Problem

Censys scan data paints a scary picture:

  • 🪤 46,500+ Modbus endpoints publicly exposed
  • 🗽 7,000+ in the United States
  • 🇰🇷 4,600+ in South Korea
  • ⚠️ 13,000+ systems tied to known, exploited vulnerabilities

Figure: Modbus endpoint

No firewall. No VPN. Just wide open.

Why Modbus Is So Dangerous

Because it was never designed to be secure in the first place.

  • 🔓 No encryption — all traffic is plain text
  • 🛂 No authentication — anyone can issue commands
  • 👻 Easily spoofed or replayed
  • 💣 Vulnerable to DoS attacks
  • 🎛️ Setpoints and actuator controls can be hijacked remotely

This isn't theoretical. If Modbus is exposed, an attacker can literally shut down pumps, cut power, or flood a system.

How To Protect Modbus in 2025

If you're still using Modbus — and let's be honest, many still are — this is what you need to do:

  • 🧱 Segment your ICS network from the IT and public internet
  • 🚫 Block external access to port 502 (Modbus default)
  • ✅ Restrict Modbus to trusted IPs only using firewalls
  • 🔍 Monitor Modbus traffic with tools like Zeek, Snort, or Suricata
  • 🔐 Use VPNs + MFA for any remote access into the network
  • 🔁 Replace Modbus where possible with modern, secure alternatives like OPC UA with TLS
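As an added illustration of the monitoring and trusted-IP items above (not code from the original post), this Python sketch parses the Modbus/TCP header and flags state-changing function codes that come from hosts outside an allowlist. The subnet, the sample frames and the function names are assumptions made up for the example.

```python
import ipaddress
import struct

# Function codes from the public Modbus specification that change device state.
WRITE_CODES = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers",
               22: "Mask Write Register", 23: "Read/Write Multiple Registers"}

# Assumption: the only hosts allowed to write sit in this (made-up) HMI subnet.
TRUSTED_WRITERS = [ipaddress.ip_network("10.10.5.0/28")]


def parse_adu(payload: bytes):
    """Parse one Modbus/TCP request: 7-byte MBAP header plus function code."""
    if len(payload) < 8:
        return None  # too short for MBAP header + function code
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id must be 0; the length field counts the unit id plus the PDU.
    if proto != 0 or length < 2 or length != len(payload) - 6:
        return None
    return {"tid": tid, "unit": unit, "function": payload[7]}


def check(src_ip: str, payload: bytes):
    """Return an alert string for a suspicious request, or None if it is fine."""
    adu = parse_adu(payload)
    if adu is None:
        return f"{src_ip}: malformed Modbus/TCP frame on port 502"
    name = WRITE_CODES.get(adu["function"])
    addr = ipaddress.ip_address(src_ip)
    # Only writes are policed here; reads from any source pass silently.
    if name and not any(addr in net for net in TRUSTED_WRITERS):
        return (f"{src_ip}: {name} (fc={adu['function']}) "
                f"to unit {adu['unit']} from untrusted host")
    return None


# Constructed sample traffic (not captured from any real system).
SAMPLES = [
    ("10.10.5.3", struct.pack(">HHHBBHH", 1, 0, 6, 1, 3, 0, 10)),     # read, trusted
    ("10.10.5.3", struct.pack(">HHHBBHH", 2, 0, 6, 1, 6, 4, 1500)),   # write, trusted
    ("192.0.2.77", struct.pack(">HHHBBHH", 3, 0, 6, 1, 6, 4, 9999)),  # write, untrusted
    ("192.0.2.77", b"\x00\x04\x00\x01\x00\x02\x01\x03"),              # bad protocol id
]

if __name__ == "__main__":
    for src, frame in SAMPLES:
        print(check(src, frame) or f"{src}: ok")
```

Because Modbus carries no authentication, the source address and function code are all a monitor has to go on, which is why the segmentation and firewall items still come first.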

Final Word

Modbus is:

  • 🪧 Simple
  • 🗿 Everywhere
  • ⛓️‍💥 Dangerously outdated

The next big industrial cyberattack? It might just ride in on port 502.

If you see Modbus exposed — shut it down, immediately. And support Palestine.

This research is part of the oaps_another_attack_surface series. Another interesting blog about exposed industrial systems: OPC_UA Hacked. You can find me on LinkedIn.