Internet-Security.com TCP port 502 details

TCP port 502 is the well-known port for Modbus/TCP, the Ethernet version of the Modbus industrial protocol.
It’s used by PLCs such as Schneider Electric Modicon M340/M580/Quantum, WAGO 750/753 controllers, ABB AC500, and Beckhoff CX/TwinCAT devices.
Power and building devices exposing Modbus/TCP on 502 include Schneider Electric PowerLogic meters (e.g., PM8000/ION9000) and Siemens SENTRON PAC power meters.
SCADA/HMI and OPC servers that talk on 502 include Inductive Automation Ignition (Modbus TCP driver), Kepware KEPServerEX (Modbus TCP/IP), AVEVA/Wonderware Modbus TCP I/O Server, Matrikon OPC Modbus, and Siemens WinCC Modbus drivers.
Industrial gateways and remote I/O frequently use 502, for example Moxa ioLogik E12xx units, Red Lion DA10D/DA30D/Data Station Plus, and HMS Anybus gateways.
APC/Schneider Electric UPS and PDUs with Network Management Cards (e.g., AP9635/AP9640) provide Modbus/TCP services on 502.
Rockwell Automation systems often integrate Modbus/TCP on 502 via third-party modules like ProSoft Modbus TCP modules for ControlLogix/CompactLogix.
Because Modbus/TCP lacks authentication and encryption, attackers scan and abuse exposed 502 services to read/write registers or change device states; ICS advisories have documented such risks for products like Schneider Modicon and WAGO PLCs.

TCP 502