
Modbus

Modbus is one of the oldest and most widely used communication protocols in industry. It enables data exchange between controllers, gateways, and field devices such as energy meters, sensors, drives, and remote I/O. The protocol is deliberately simple: data is read or written as registers, without semantic description of the content.

This simplicity is precisely why Modbus has been present in manufacturing for decades – and why brownfield systems will continue to use it for years to come.


Modbus RTU vs. Modbus TCP

Both variants share the same register logic but differ in transport.

Modbus RTU runs over serial lines, typically RS-485. It follows a master-slave principle: one master polls, slaves respond. It is robust and inexpensive, but bandwidth is limited and communication is purely polling-based.

Modbus TCP runs over Ethernet via TCP/IP following a client-server model. It integrates more easily into IT/OT networks, offers higher bandwidth, and operates over standard switches.

The rule of thumb: RTU is serial, TCP is network. The underlying data logic is nearly identical in both cases.


Register Logic: How Modbus Describes Data

Modbus does not transmit semantic objects like "temperature in degrees Celsius" or "machine status active." It transmits address spaces with four types: coils (single bits, readable and writable), discrete inputs (single bits, read-only), input registers (16-bit values, read-only), and holding registers (16-bit values, read and write).

What a register means – unit, scaling, sign, byte order – comes exclusively from the manufacturer's documentation or a data model in the gateway or SCADA system. Without this context, Modbus raw values are not interpretable.


Typical Use Cases on the Shop Floor

Modbus is used for energy and utilities metering (electricity, compressed air, gas, water), for temperature, flow, and pressure sensing, for simple states and counters from peripheral devices, and for gateway-based integration of legacy equipment into SCADA, edge, or MES systems.


Modbus and MES: The Realistic Data Path

A MES rarely communicates with Modbus directly. The typical path is: device (Modbus RTU or TCP) → gateway, PLC, SCADA, or edge → standardized interface such as OPC UA, MQTT, or REST → MES or BI.

For cloud-native MES platforms integrating brownfield equipment, an edge gateway with a Modbus driver is the pragmatic approach: the gateway handles protocol translation, data normalization, and contextualization – rather than pushing raw Modbus values directly into higher-level systems. Clean tag names and units, consistent timestamp logic, and a clear definition of where a value is finally interpreted are the critical success factors.


Security with Modbus TCP

Modbus has no built-in authentication or encryption mechanism. In networked OT/IT environments, security must therefore be established through network segmentation, firewall rules, VPN or zero-trust concepts, and granular access controls. Modbus TCP ports that are reachable directly from the corporate network are a security risk, because any host that can reach the port can issue read and write requests.
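
Because the protocol carries no credentials, a gateway or filtering device can only decide on source address and function code. The following added example (not from the original page; the allowlisted address, the policy, and the sample frames are constructed assumptions) parses a Modbus TCP request and denies write function codes from hosts outside an allowlist:

```python
import struct

# Standard function codes from the public Modbus application protocol.
READ_CODES = {1: "read coils", 2: "read discrete inputs",
              3: "read holding registers", 4: "read input registers"}
WRITE_CODES = {5: "write single coil", 6: "write single register",
               15: "write multiple coils", 16: "write multiple registers"}

# Assumed policy: the only host allowed to write (constructed address).
WRITE_ALLOWLIST = {"10.20.0.5"}

# Constructed sample requests: MBAP header (7 bytes) + PDU.
READ_10_REGS = bytes.fromhex("0001 0000 0006 01 03 0000 000a")
WRITE_1230 = bytes.fromhex("0002 0000 0006 01 06 0010 04ce")
READ_200_REGS = bytes.fromhex("0003 0000 0006 01 03 0000 00c8")


def parse_request(frame: bytes) -> dict:
    """Parse a Modbus TCP request carrying one of the eight codes above."""
    if len(frame) < 12:
        raise ValueError("frame too short")
    tid, proto, length, unit, fc = struct.unpack(">HHHBB", frame[:8])
    if proto != 0:
        raise ValueError("protocol identifier is not 0")
    if length != len(frame) - 6:
        raise ValueError("MBAP length does not match frame size")
    # For all eight codes the PDU starts: address, then value or quantity.
    address, value = struct.unpack(">HH", frame[8:12])
    return {"transaction": tid, "unit": unit, "function": fc,
            "address": address, "value_or_count": value}


def evaluate(src_ip: str, frame: bytes) -> str:
    """Return 'allow' or 'deny: <reason>' for one request at the gateway."""
    try:
        req = parse_request(frame)
    except ValueError as exc:
        return f"deny: malformed ({exc})"
    fc = req["function"]
    if fc in READ_CODES:
        if fc in (3, 4) and not 1 <= req["value_or_count"] <= 125:
            return "deny: register count outside 1..125"
        return "allow"
    if fc in WRITE_CODES and src_ip in WRITE_ALLOWLIST:
        return "allow"
    if fc in WRITE_CODES:
        return f"deny: {WRITE_CODES[fc]} from non-allowlisted host"
    return f"deny: function code {fc} not permitted"
```

A source address is the only identity available at this layer, so a filter like this only holds when it sits at a segment boundary that untrusted hosts cannot bypass.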


Common Mistakes

Incorrect scaling or byte order turns 12.3 into 1230 or a negative value – and goes unnoticed until KPIs stop making sense. Overly aggressive polling overloads devices and creates dropouts. Guessing register assignments instead of documenting them makes integrations unmaintainable over time. And write operations without safeguards can trigger unintended setpoints or outputs.


FAQ

What is the difference between Modbus and OPC UA?
Modbus is a simple register protocol without semantic data description. OPC UA is a comprehensive communication framework with an information model, security mechanisms, and standardized data types. In practice, both are combined: Modbus at the field level, OPC UA as the standardized layer above – often via a gateway.

Can Modbus be used for real-time data?
With limitations. Modbus RTU and TCP are polling-based, not event-driven protocols. Response times depend on poll rate and network load. For time-critical control tasks, modern protocols like PROFINET or EtherNet/IP are better suited. For monitoring and data collection, Modbus is sufficient in most use cases.

How many registers can be read per request?
This depends on the implementation, but typically up to 125 holding registers per read request. For performance-optimized polling, consecutive registers are bundled in a single request rather than queried individually.

Is Modbus still relevant today?
For new systems, more modern alternatives exist. Modbus remains relevant as long as legacy devices use it – and in manufacturing environments, that will be the case for years. The pragmatic approach: leave Modbus at the device level and translate it into standardized protocols via gateway or edge.
