I haven't worked with it yet but Schneider's M580 PLC I believe even supports authentication!
It is crazy that a Quantum or M340 PLC on an ethernet network basically has unauthenticated DMA. any device on the network can read or write to any addressed memory using the dead simple modbus protocol, and there is some more complicated protocol for reading and writing unaddressed memory.
I don't think Allen Bradley is any better as I don't recall ever having to specify any credentials or any other means of restricting which clients could connect and write to the PLC.
All de facto modbus implementations that I am familiar with use virtualized register banks that map to higher level parameter accesses including input validation. So the shenanigans you should be able to do with then are somewhat limited. But there is no authentication at all. This was designed at a time when notion of having a bad actor mess with an control system was not even invented yet.
It is crazy that a Quantum or M340 PLC on an ethernet network basically has unauthenticated DMA. any device on the network can read or write to any addressed memory using the dead simple modbus protocol, and there is some more complicated protocol for reading and writing unaddressed memory.
I don't think Allen Bradley is any better as I don't recall ever having to specify any credentials or any other means of restricting which clients could connect and write to the PLC.