ICCP/COTP (ISO 7073) Protocol Detection

This script is Copyright (C) 2006-2011 Tenable Network Security, Inc.


Synopsis :

COTP (ISO 7073) is running on the host and may be part of an ICCP
server, MMS application, or substation automation device that uses
IEC 61850 / UCA.

Description :

The ICCP stack (like other protocols such as MMS and IEC 61850)
includes ISO 7073 (RFC 905) at the Transport Layer. ISO 7073 specifies
the Connection Oriented Transport Protocol (COTP), which uses a pair of
user-configurable values, either 16-bit numbers or in some cases ASCII
strings, to identify client endpoints called Transport Service Access
Points (TSAPs).

Note that ICCP by itself does not offer protection against
eavesdropping, spoofing, man-in-the-middle, and similar attacks.
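
As an added illustration (not part of the Nessus plugin or Tenable's code), the Python below parses a captured COTP connection request or confirm and extracts the calling and called TSAPs described above, in both their 16-bit and ASCII forms. It assumes the TPDU is carried over TCP with RFC 1006 TPKT framing and uses the RFC 905 parameter codes 0xC1 / 0xC2; the sample frame is constructed.

```python
import struct

TPDU_TYPES = {0xE0: "CR", 0xD0: "CC"}             # connection request / confirm
TSAP_PARAMS = {0xC1: "calling_tsap", 0xC2: "called_tsap"}

def format_tsap(raw: bytes):
    """Heuristic: 2 bytes -> 16-bit integer, printable bytes -> ASCII, else hex."""
    if len(raw) == 2:
        return struct.unpack(">H", raw)[0]
    if raw and all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return raw.hex()

def parse_cotp_connect(frame: bytes) -> dict:
    """Parse one TPKT-framed COTP CR/CC TPDU and return its references and TSAPs."""
    if len(frame) < 11:                            # 4 TPKT + 7 fixed COTP bytes
        raise ValueError("frame too short for TPKT + COTP CR/CC")
    version, _, tpkt_len = struct.unpack(">BBH", frame[:4])
    if version != 3 or tpkt_len != len(frame):
        raise ValueError("malformed TPKT header")
    tpdu = frame[4:]
    end = tpdu[0] + 1                              # LI excludes its own byte
    if end < 7 or end > len(tpdu):
        raise ValueError("bad COTP length indicator")
    code = tpdu[1] & 0xF0                          # low nibble is the credit field
    if code not in TPDU_TYPES:
        raise ValueError("not a CR or CC TPDU")
    dst_ref, src_ref, cls = struct.unpack(">HHB", tpdu[2:7])
    out = {"type": TPDU_TYPES[code], "dst_ref": dst_ref, "src_ref": src_ref,
           "class": cls >> 4}
    pos = 7
    while pos < end:                               # variable part: code, length, value
        if pos + 2 > end or pos + 2 + tpdu[pos + 1] > end:
            raise ValueError("parameter overruns TPDU header")
        pcode, plen = tpdu[pos], tpdu[pos + 1]
        if pcode in TSAP_PARAMS:
            out[TSAP_PARAMS[pcode]] = format_tsap(tpdu[pos + 2:pos + 2 + plen])
        pos += 2 + plen
    return out

# Constructed sample: CR with calling TSAP 0x0001 and called TSAP "ICCP".
SAMPLE_CR = bytes.fromhex("0300001813e00000000100c0010ac1020001c20449434350")

if __name__ == "__main__":
    print(parse_cotp_connect(SAMPLE_CR))
```

Run over connection setup frames taken from a packet capture, this gives an inventory of which TSAP pairs are in use, which helps when writing the access restrictions recommended in the Solution.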

See also :

http://wiki.wireshark.org/COTP
http://www.nessus.org/u?672d06fe

Solution :

Either limit traffic to this port to authorized hosts or upgrade to
Secure ICCP, which protects the basic protocol with SSL / TLS
encryption and digital certificates.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)

Family: SCADA

Nessus Plugin ID: 23811

Bugtraq ID:

CVE ID: