ICCP/COTP TSAP Addressing Weakness

This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.

Synopsis :

It is possible to determine a COTP TSAP value on the remote ICCP
server by trying possible values.

Description :

The ICCP stack (and other protocols MMS and IEC 61850) includes ISO
7073 (RFC 905) at the Transport Layer. ISO 7073 specifies the
Connection Oriented Transport Protocol (COTP) that includes a pair of
user configurable 16-bit numeric, or in some cases ASCII string
values, to identify client endpoints called Transport Service Access
Points (TSAP's).

The TSAP used in the host server was guessed by trying a sample of
possible values that are commonly used and easily attempted by

Solution :

Upgrade to Secure ICCP, select pseudorandom 16-bit value or restrict
the port to authorized hosts.

Risk factor :

Medium / CVSS Base Score : 5.0

Family: SCADA

Nessus Plugin ID: 23812 ()

Bugtraq ID:


Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial