Critical infrastructure

CIP (Common Industrial Protocol): CIP messages, device types, implementation and security in CIP

May 29, 2020 by Nitesh Malviya

Common Industrial Protocol (CIP) was created by Open DeviceNet Vendors Association Company (ODVA) specifically for automating industrial processes for sharing the data among various components in ICS (Industrial Control Systems) network. ODVA supports different sections and extensions of CIP: CIP safety, CIP Energy, CIP Sync and CIP Motion. 

The design and implementation of CIP is neither as simple as Modbus nor as complex and heavy as PROFINET. CIP comprises a set of messages and services for security, control, synchronization, configuration and sharing of information.

CIP has been adapted widely in ICS networks because it provides integration and inter-communication with different types of networks. They are:

  1. Ethernet/IP/IP: CIP adaptation to TCP (Transmission Control Protocol) technologies
  2. ControlNet: CIP adaptation to CTDMA (Concurrent Time Domain, Multiple Access) technologies
  3. DeviceNet: CIP adaptation to CAN (Controller Area Network) technologies
  4. CompoNet: CIP adaptation to TDMA (Time Division Multiple Access) technologies

CIP messages

CIP follows a pattern called the producer-consumer pattern. As the name suggests, producers produce and put messages into circulation for various consumer nodes in the network. Consumer receive messages and decide whether the particular message is intended for them or not. This is done on the basis of the identifier field present in the message.

Producers produce two types of messages, depending on the type of architecture being implemented and followed:

  1.  Implicit message: An implicit message has identifier, data and CRC fields in it. The consumer node decides whether the received message is intended on the basis of the Identifier field present in the message
  2.  Explicit message: A typical explicit message has four fields: origin, destination, data and CRC. The consumer node decides whether the received message is intended for it by reading the destination field value and accordingly takes the necessary action

CIP device types

On the basis of the functionality offered, CIP devices have been broadly categorized into four types:

  1. Messaging server: A messaging server supports only explicit messaging operations. This kind of device is used to store/push ASCII data in barcodes or RFID applications
  2. Messaging client: A messaging client supports only explicit messaging operations. This kind of device is used to pull ASCII data from barcodes or RFID applications
  3. I/O server: An I/O server supports both implicit and explicit messaging operations and are used in applications like photeyes, I/O muxes and valves
  4. I/O scanner: An I/O scanner supports all the functionalities offered in an I/O server. On top of that, it adds the capabilities for opening the connection and initiating the transfers. It can serve as both receivers and senders of output data

CIP implementation

As discussed above, CIP is implemented for four types of networks. While implementation remains the same for ControlNet, DeviceNet and CompoNet, implementation for Ethernet/IP is different.

  1. Ethernet/IP implementation: Introduced in 2001, Ethernet/IP is one of the protocols implementing CIP protocol. Thus, CIP was implemented to the Ethernet network via Ethernet/IP. CIP works on the application layer in the Ethernet network and Ethernet/IP functions on the transport and network layer of the TCP/IP stack. Explicit messages use TCP (Transmission Control Protocol) and implicit messages use UDP (User Datagram Protocol) for communication. Explicit messages use TCP port number 44818, while implicit messages use UDP port number 2222 for communication
  2. ControlNet, DeviceNet and CompoNet implementation: Unlike Ethernet/IP implementation, ControlNet, DeviceNet and CompoNet implementation uses different media for transmission and data transfer. These are CANBus, coaxial and round cables. CIP implementation varies depending upon the physical mechanism being used

Security in CIP

Since CIP is implemented in two forms, security considerations also vary depending on the implementation:

  1. Security concerns for Ethernet/IP implementation: Ethernet/IP is affected by all the vulnerabilities of Ethernet. Some of them include traffic capture and spoofing (impersonating messages from legitimate devices). Since it uses UDP, it is susceptible to malicious traffic injection and possibility of transmission route manipulation using IGMP
  2. Security concerns for ControlNet, DeviceNet and CompoNet implementation: This implementation uses a physical mechanism for transmission of information; thus, the best way to protect this kind of implementation is to segregate the implementation from the rest of the network, and they must be isolated from external connection. Implementing IDS/IPS systems is also advisable

Irrespective of the type of implementation, a typical CIP network should consider and implement a few other factors for maintaining optimum level security. Some of them include:

  1. Integrity: Rejecting data and messages that have been altered
  2. Authentication: Rejecting data and messages that have been sent by untrusted people/devices
  3. Authorization: Rejecting data and messages that request actions that are not allowed


That’s really all there is for CIP. CIP is a great protocol for industrial process automation. With the elegance and simplicity in design, it can be adopted and implemented easily and operated reliably and efficiently.


Posted: May 29, 2020
Nitesh Malviya
View Profile

Nitesh Malviya is a Security Consultant. He has prior experience in Web Appsec, Mobile Appsec and VAPT. At present he works on IoT, Radio and Cloud Security and open to explore various domains of CyberSecurity. He can be reached on his personal blog - and Linkedin -