Supported devices and protocols

Kaspersky Industrial CyberSecurity for Networks analyzes traffic of the following classes of devices used for process automation:

• Programmable Logic Controllers (PLC):
  • ABB™ AC 700F
  • ABB AC 800M
  • ABB B&R
  • Allen-Bradley® ControlLogix® series
  • Allen-Bradley CompactLogix™ series
  • AutomationDirect DirectLOGIC
  • BECKHOFF® CX series
  • CHINT MAS400
  • CHINT MAS9600
  • Emerson DeltaV M series
  • Emerson DeltaV S series
  • Emerson ControlWave series
  • General Electric RX3i
  • Honeywell C300 for Experion PKS control systems
  • Honeywell C300 for PlantCruise control systems
  • Honeywell ControlEDGE 900 series
  • IPU950
  • Mitsubishi System Q E71
  • OMRON CJ2M
  • Schneider Electric Foxboro FCP270
  • Schneider Electric Foxboro FCP280
  • Schneider Electric Modicon M340
  • Schneider Electric Modicon M580
  • Schneider Electric Modicon Momentum
  • Siemens SIMATIC® S7-200
  • Siemens SIMATIC S7-300
  • Siemens SIMATIC S7-400
  • Siemens SIMATIC S7-1200
  • Siemens SIMATIC S7-1500
  • YCU supporting the YARD protocol
  • ELC supporting the YARD protocol
  • Yokogawa CENTUM
  • Yokogawa ProSafe-RS
  • OWEN PLC100 series
  • Prosoft-Systems Regul R500
  • Tecon MFK
  • KNX® devices
  • Devices in Valmet DNA control systems
  • Devices supporting the Allen-Bradley EtherNet/IP protocol
  • Devices supporting the COS protocol
  • Devices supporting the DTS protocol
  • Devices supporting the FEU protocol
  • Devices supporting the VNIIA protocol
  • Devices supporting the PK4 protocol
  • Devices supporting the PNU20 protocol
  • Devices supporting the CODESYS V2 protocol
  • Devices supporting the CODESYS V3 protocol
  • Devices supporting the ISaGRAF protocols
  • Devices supporting the Siemens S7comm protocol
  • Devices supporting the Siemens S7comm-plus protocol
  • Devices supporting PROFINET IO standard protocols
• Intelligent electronic devices (hereinafter referred to as IED):
  • ABB Relion™ REF615
  • ABB Relion RED670
  • ABB Relion REL670
  • ABB Relion RET670
  • General Electric Multilin B30
  • General Electric Multilin C60
  • MiCOM C264
  • Schneider Electric P545
  • Schneider Electric Sepam 80 NPP series
  • Siemens SIPROTEC™ 4 6MD66
  • Siemens SIPROTEC 4 7SA52
  • Siemens SIPROTEC 4 7SJ64
  • Siemens SIPROTEC 4 7SS52
  • Siemens SIPROTEC 4 7UM62
  • Siemens SIPROTEC 4 7UT63
  • Relematika TOR 300
  • EKRA 200 series
  • EKRA BE2502 series
  • EKRA BE2704 series
  • Devices supporting the DNP3 protocol
  • Devices supporting the Schneider Electric UMAS protocol
  • Devices supporting the IEC 60870-5-101 / IEC 60870-5-103 protocol
  • Devices supporting the IEC 60870-5-104 protocol
  • Devices supporting the IEC 61850-8-1 GOOSE protocol
  • Devices supporting the IEC 61850-8-1 MMS protocol
  • Devices supporting the IEC 61850-9-2 Sampled Values protocol
  • Devices supporting the Modbus TCP protocol
• Measurement devices:
  • Devices supporting the DLMS/COSEM protocol
• Devices with server software installed:
  • FTP server
  • OPC DA server
  • OPC UA server
  • Siemens SICAM PAS server
  • TASE.2 server
  • Server with encryption support
  • ARMS SCADA system devices
• Devices categorized as network equipment:
  • Moxa NPort series
  • I/O devices supporting the BACnet™ protocol
  • I/O devices supporting the FTP protocol
  • I/O devices supporting the IEC 60870-5-101 / IEC 60870-5-103 protocol
  • I/O devices supporting the IEC 60870-5-104 protocol
  • I/O devices supporting the Modbus TCP protocol
  • I/O devices supporting the OPC DA protocol, the WMI device interaction protocol
  • I/O devices supporting the OPC UA Binary device interaction protocol
  • Devices supporting Telnet control commands from the server

Kaspersky Industrial CyberSecurity for Networks also has generic classes of devices for process control: Generic PLC, Generic IED and Generic Gateway. Using these classes of devices, you can configure Kaspersky Industrial CyberSecurity for Networks to analyze traffic for those devices that are not on the list of supported classes. For generic classes of devices, you can specify any combination of application-level protocols from the list of supported protocols on devices related to programmable logic controllers, intelligent electronic devices and network gateways.

For the supported classes of devices, Kaspersky Industrial CyberSecurity for Networks analyzes communications over the following application-level protocols:

• ABB SPA-Bus
• Allen-Bradley EtherNet/IP
• BACnet
• BECKHOFF ADS/AMS
• BSAP
• CODESYS V2
• CODESYS V3 GATEWAY over TCP
• CODESYS V3 GATEWAY over UDP
• COS
• DLMS/COSEM
• DMS for ABB AC 700F devices
• DNP3
• Emerson ControlWave Designer
• Emerson DeltaV, including the protocol for updating embedded software (firmware)
• FTP
• General Electric EGD
• General Electric SRTP
• IEC 60870-5-101 / IEC 60870-5-103
• IEC 60870-5-104
• IEC 61850-8-1 GOOSE
• IEC 61850-8-1 MMS (including MMS Reports)
• IEC 61850-9-2 Sampled Values
• INA2000
• ISaGRAF IXL
• ISaGRAF SNCP
• KNXnet/IP
• Mitsubishi MELSEC System Q
• MMS (ISO 9506-2)
• Modbus TCP
• OMRON FINS over TCP
• OMRON FINS over UDP
• OMRON FINS over EtherNet/IP
• OPC DA, protocol for interaction of devices over WMI technology
• OPC UA Binary
• PROFINET DCP
• PROFINET IO
• RPC for PROFINET IO
• Schneider Electric UMAS
• Siemens S7comm
• Siemens S7comm-plus
• TASE.2 / IEC 60870-6
• TwinCAT3
• YARD
• Yokogawa Vnet/IP
• VNIIA
• Relematika BDUBus
• PK4
• PNU20
• Modification of the MMS protocol for ABB AC 800M devices
• Modification of the Modbus TCP protocol for EKRA 200 devices
• Automated radiation monitoring systems (ARMS) protocol
• Protocol for interaction between Siemens SICAM PAS and SICAM SCC (based on SIMATIC WinCC®)
• AutomationDirect DirectLOGIC device interaction protocol
• CHINT MAS400 device communication protocol
• CHINT MAS9600 device communication protocol
• Protocol for interaction of Foxboro FCP270 devices
• Protocol for interaction of Foxboro FCP280 devices
• IPU-FEU device interaction protocol
• MiCOM C264 device interaction protocol
• Valmet DNA device interaction protocol
• Protocol for initial setup of Prosoft-Systems devices
• Data Transfer Systems (DTS) protocol
• Protocol of devices with Siemens DIGSI 4 system software
• Protocols for interaction of devices in Honeywell Experion PKS / PlantCruise control systems
• Protocols for startup configuration and interaction of Moxa NPort series devices
• Protocols for detection and interaction of Honeywell ControlEDGE 900 series devices

To analyze traffic and interactions of devices, the application uses specialized modules for processing application-level protocols. The modules included in packages from the Kaspersky Industrial CyberSecurity for Networks distribution kit provide support for the listed classes of devices and application-level protocols. You can update protocol processing modules by installing updates. When installing updates to the application, new modules supporting additional classes of devices and/or application-layer protocols may be added.

Kaspersky Industrial CyberSecurity for Networks also analyzes traffic transmitted over common protocols. For a list of the supported common protocols, see the Appendix.

Page top