ICCP/COTP TSAP Addressing Weakness

This script is Copyright (C) 2006-2017 Tenable Network Security, Inc.

Synopsis :

It is possible to determine a COTP TSAP value on the remote ICCP
server by trying possible values.

Description :

The ICCP stack (like the stacks of the other protocols MMS and IEC
61850) includes ISO 7073 (RFC 905) at the Transport Layer. ISO 7073
specifies the Connection Oriented Transport Protocol (COTP), which
uses a pair of user-configurable values, 16-bit numbers or in some
cases ASCII strings, to identify client endpoints. These values are
called Transport Service Access Points (TSAPs).

The TSAP used in the host server was guessed by trying a sample of
possible values that are commonly used and easily attempted by

Solution :

Upgrade to Secure ICCP, select a pseudorandom 16-bit value, or
restrict the port to authorized hosts.
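
To spot the TSAP guessing described above in captured traffic, the
following added example (not part of the Nessus plugin) parses COTP
Connection Request TPDUs and flags sources that request several
distinct called TSAPs. It assumes COTP is carried over TPKT (RFC 1006);
the function names, the threshold and the sample frames are constructed
for illustration.

```python
import struct
from collections import defaultdict

CR_TPDU = 0xE0             # COTP Connection Request code (high nibble), RFC 905
CALLING_TSAP, CALLED_TSAP = 0xC1, 0xC2   # variable-part parameter codes

def parse_cr_tsaps(frame: bytes):
    """Return (calling_tsap, called_tsap) from a TPKT-wrapped COTP CR, else None."""
    if len(frame) < 11 or frame[0] != 3:            # TPKT version is always 3
        return None
    (tpkt_len,) = struct.unpack(">H", frame[2:4])
    li = frame[4]                                   # COTP header length indicator
    if tpkt_len != len(frame) or li < 6 or 5 + li > len(frame):
        return None
    if frame[5] & 0xF0 != CR_TPDU:
        return None
    params, pos, end = {}, 11, 5 + li               # parameters follow the fixed part
    while pos + 2 <= end:
        code, plen = frame[pos], frame[pos + 1]
        if pos + 2 + plen > end:
            return None                             # malformed parameter length
        params[code] = frame[pos + 2:pos + 2 + plen]
        pos += 2 + plen
    return params.get(CALLING_TSAP), params.get(CALLED_TSAP)

def find_tsap_sweeps(events, threshold=3):
    """Map each source that requested >= threshold distinct called TSAPs to them."""
    tried = defaultdict(set)
    for src, frame in events:
        tsaps = parse_cr_tsaps(frame)
        if tsaps and tsaps[1] is not None:
            tried[src].add(tsaps[1].hex())
    return {src: sorted(seen) for src, seen in tried.items() if len(seen) >= threshold}

# Constructed sample traffic: TPKT + COTP CR with calling TSAP 0x0001; the
# 2-byte called TSAP is appended per event. Addresses are made up.
_CR_PREFIX = bytes.fromhex("0300001611e00000000100c0010ac1020001c202")
SAMPLE_EVENTS = [
    ("10.0.0.5", _CR_PREFIX + b"\x00\x01"),         # normal peer, one TSAP
    ("10.0.0.5", _CR_PREFIX + b"\x00\x01"),
] + [("10.0.0.66", _CR_PREFIX + bytes([0, n])) for n in range(4)]  # sweep

if __name__ == "__main__":
    print(find_tsap_sweeps(SAMPLE_EVENTS))
```

A legitimate peer connects with one configured TSAP pair, so a source
cycling through called TSAP values stands out even at a low threshold.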

Risk factor :

Medium / CVSS Base Score : 5.0

Family: SCADA

Nessus Plugin ID: 23812

Bugtraq ID:

