EXPOSED ICS devices and insecure protocols such as Modbus are raising alarms for critical infrastructure, with recent research showing the scale of the risk. A global scan of devices answering on port 502 found 311 initial responses, of which 179 were identified as likely real ICS devices after filtering out honeypots and unreliable data. These devices were spread across several countries, with the United States hosting the largest share (57), followed by Sweden (22) and Turkey (19).
Some of the exposed systems were linked to highly sensitive environments, including a device appearing to be part of a national railway network and others connected to national power grids in Europe and Asia. The report notes that many devices did not disclose detailed manufacturer information, but among those that did, Schneider Electric devices were most common, followed by Data Electronics and ABB Stotz-Kontakt, while 128 devices exposed only firmware versions or internal IDs.
According to Comparitech, 54 devices did advertise their manufacturer, and a lack of built‑in authentication or encryption in Modbus and similar protocols makes such devices vulnerable to credential-free manipulation if exposed to the internet.