I wanted to update you about a new protocol functions and commands just added to our Application control blade. This enhancement is a new level in securing the OT environment, as the protocol is responsible for engineering and configuration and isn’t a “runtime” protocol (similar to the rest of our SCAD/ICS protocols in APPI). It means that current APPI is capable to detect and event prevent if required, such engineering  activities.

Schneider Electric devices, mainly PLCs, might support  number of Industrial Protocols (Modbus, Ethernet-IP, Canopen, etc). However, in order to be configured they use a proprietary protocol which is based on the Modbus Protocol.

The protocol (which is called UMAS), is based on the old Xway Unite protocol, used by old Telemechanique PLCs. The Umas protocol is used to configure and monitor the Schneider-Electric PLCs. It is based on the well-known modbus protocol and uses one of the reserved Function Codes specified in the Modbus Protocol Specification (Function Code 90 or 0x5A in hexadecimal). When Schneider Electric PLCs receive a modbus packet, it checks if the Function Code is 0x5A (function 90) and if so, some specific libraries are used, otherwise, the modbus request is treated normally, returning or modifying the specified register(s) or coil(s) of the PLC.

What UMAS functions our APPI currently support?