Let's take a look at the types and features of representative PLC protocols


This post covers the OT protocols used at OT sites (automotive, food and beverage, water treatment, etc.) where PLCs are the main focus.


Common PLC Protocols and Their Characteristics

| Protocol | TCP/UDP | Remark | Encryption | Major PLC |
|---|---|---|---|---|
| Modbus TCP/IP | TCP 502 | Function Codes (e.g., 01=Read Coils, 03=Read Holding Registers). Simple master-slave communication. | No | Schneider, Siemens, Rockwell, ABB |
| Modbus RTU | Serial (RS-232/485) | Uses CRC error checking, compact binary message format. | No | Schneider, Siemens, ABB |
| PROFINET | TCP 34962-34964 / UDP 34962 | Real-Time (RT) & Isochronous Real-Time (IRT) for fast deterministic communication. | No | Siemens, Phoenix Contact, ABB |
| Profibus DP/PA | Serial (RS-485, MBP) | DP: High-speed automation. PA: Field devices in hazardous areas. | No | Siemens, ABB, Phoenix Contact |
| EtherNet/IP | TCP 44818 / UDP 2222 | Common Industrial Protocol (CIP) for cyclic, real-time messaging. | No (TLS optional) | Rockwell (Allen-Bradley), Schneider, Omron |
| S7 Protocol (Siemens S7Comm, S7Comm+) | TCP 102 | Used in Siemens PLCs for control, diagnostics, and data exchange. | S7Comm (unencrypted), S7Comm+ (encrypted) | Siemens |
| OPC UA (Unified Architecture) | TCP 4840 | Secure data modeling with XML/JSON/Binary encoding. Supports authentication. | Encrypted (TLS, certificates) | Siemens, Rockwell, Schneider, ABB |
| CC-Link IE | TCP 1969 | Real-time industrial Ethernet with high-speed communication. | No | Mitsubishi Electric, Omron |
| DNP3 (Distributed Network Protocol 3.0) | TCP 20000 / UDP 20000 | Used in SCADA & remote automation. Secure authentication available. | Encrypted (if using Secure DNP3) | Schneider, GE, ABB |
| HART (Highway Addressable Remote Transducer) | Serial (Bell 202) / TCP | FSK (Frequency Shift Keying) over 4-20 mA analog signal. Digital communication overlay. | No | Emerson, Siemens, ABB |
| BACnet/IP | UDP 47808 | Used in building automation. Supports object-oriented messaging. | Encrypted (if using BACnet/SC) | Siemens, Schneider, Honeywell |
| MQTT (Message Queuing Telemetry Transport) | TCP 1883 / TCP 8883 (SSL) | Lightweight, publish-subscribe messaging for IIoT. | Encrypted (if using TLS/SSL) | Siemens, Rockwell, Schneider, ABB |
| CANopen | Serial (CAN bus) | Broadcast-based protocol for real-time automation. | No | Bosch, Phoenix Contact, ABB |
| DeviceNet | CAN-based (No TCP/UDP) | CIP-based fieldbus for industrial automation. | No | Rockwell, Omron, Schneider |
| MELSEC (Mitsubishi Electric) | TCP 5006 / UDP 5006 | Used for Mitsubishi PLC-to-PLC and HMI communication. | No | Mitsubishi Electric |
| Powerlink (Ethernet POWERLINK) | UDP 2233 | Real-time Ethernet protocol with precise synchronization. | No | B&R, ABB |
| EtherCAT (Ethernet for Control Automation Technology) | UDP 34980 | High-speed, deterministic communication. | No | Beckhoff, Siemens, Omron |
| GE SRTP (Service Request Transfer Protocol) | TCP 18245 | Proprietary GE protocol for PLC-to-PLC communication. | No | GE (General Electric) |
| IEC 60870-5-104 | TCP 2404 | Used in power grid control. Supports cyclic and spontaneous transmission. | Optional encryption (TLS support) | Siemens, ABB, Schneider |
| IEC 61850 MMS (Manufacturing Message Specification) | TCP 102 | Used in substation automation. Object-oriented communication model. | Encrypted (TLS support) | Siemens, ABB, GE |

Recap

  • Modbus TCP, PROFINET, EtherNet/IP, and OPC UA are the most widely used PLC protocols.
  • Most traditional PLC protocols lack encryption, posing cybersecurity risks.
  • EtherCAT and Powerlink provide high-speed real-time automation but lack encryption.
  • OPC UA, Secure DNP3, MQTT (TLS), and IEC 61850 offer encryption for secure communication.
  • S7Comm+ and BACnet/SC have added encryption support for industrial security.
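To make the "no encryption" point in the Modbus row and the recap concrete, here is an added example (not code from the original post) that decodes a Modbus/TCP request frame: the MBAP header, the function code (01, 03 and the other standard codes) and the addressed register, all readable in plaintext, which is exactly what a passive monitoring sensor on TCP 502 can see and alert on. The sample frames are constructed for this example; the parser assumes client-to-server request frames.

```python
import struct

# Modbus/TCP ADU = 7-byte MBAP header + PDU (function code + data).
# Names follow the public Modbus application protocol specification.
FUNCTION_CODES = {
    1: "Read Coils",
    2: "Read Discrete Inputs",
    3: "Read Holding Registers",
    4: "Read Input Registers",
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}
WRITE_CODES = {5, 6, 15, 16}  # codes that change PLC state; worth alerting on


def parse_modbus_tcp(frame: bytes) -> dict:
    """Decode one Modbus/TCP request ADU (or an exception response).

    The frame carries no authentication or encryption field, so the only
    checks possible are structural: protocol id and MBAP length consistency.
    """
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    trans_id, proto_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if proto_id != 0:
        raise ValueError(f"unexpected protocol id {proto_id} (Modbus uses 0)")
    # MBAP length counts the unit id plus the PDU, i.e. everything after byte 6.
    if length != len(frame) - 6:
        raise ValueError(f"MBAP length {length} does not match frame size {len(frame)}")
    fc, data = frame[7], frame[8:]
    result = {
        "transaction_id": trans_id,
        "unit_id": unit_id,
        "function_code": fc & 0x7F,
        "function": FUNCTION_CODES.get(fc & 0x7F, "Unknown"),
        "exception": bool(fc & 0x80),  # server sets the high bit on errors
        "is_write": (fc & 0x7F) in WRITE_CODES,
    }
    if fc & 0x80:
        result["exception_code"] = data[0] if data else None
    elif fc in (1, 2, 3, 4, 5, 6) and len(data) >= 4:
        # Requests for these codes carry a 16-bit start address and a 16-bit quantity/value.
        result["address"], result["quantity_or_value"] = struct.unpack(">HH", data[:4])
    return result


# Constructed sample: read 10 holding registers from address 0 on unit 1.
SAMPLE_READ = bytes.fromhex("0001" "0000" "0006" "01" "03" "0000" "000a")
# Constructed sample: write ON (0xFF00) to coil 5 on unit 1.
SAMPLE_WRITE = bytes.fromhex("0002" "0000" "0006" "01" "05" "0005" "ff00")
# Constructed sample: exception response, illegal data address (02) to a Read Holding Registers request.
SAMPLE_EXCEPTION = bytes.fromhex("0003" "0000" "0003" "01" "83" "02")
```

Run over captured frames, the `is_write` flag is the natural hook for a detection rule such as "write function code from a host that is not the engineering workstation or HMI".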


#CPS #OT #XIoT #IoT #IIoT #IoMT #CPSSecurity #OTSecurity #IoTSecurity #CPS보안 #OT보안 #IoT보안
