Since Modbus was designed in the late 1970s to communicate to programmable logic controllers, the number of data types is limited to those understood by PLCs at the time. Large binary objects are not supported.
No standard way exists for a node to find the description of a data object, for example, to determine whether a register value represents a temperature between 30 and 175 degrees.
Since Modbus is a master/slave protocol, there is no way for a field device to “report by exception” (except over Ethernet TCP/IP, called open-mbus) – the master node must routinely poll each field device and look for changes in the data. This consumes bandwidth and network time in applications where bandwidth may be expensive, such as over a low-bit-rate radio link.
Modbus is restricted to addressing 254 devices on one data link, which limits the number of field devices that may be connected to a master station (once again, Ethernet TCP/IP being an exception).
Modbus transmissions must be contiguous, which limits the types of remote communications devices to those that can buffer data to avoid gaps in the transmission.
Modbus protocol itself provides no security against unauthorized commands or interception of data.