ICCP/COTP TSAP Addressing Weakness

Medium Nessus Plugin ID 23812


It is possible to determine a COTP TSAP value on the remote ICCP server by trying possible values.


The ICCP stack (like the related protocols MMS and IEC 61850) includes ISO 7073 (RFC 905) at the Transport Layer. ISO 7073 specifies the Connection Oriented Transport Protocol (COTP), which includes a pair of user-configurable values, 16-bit numeric or in some cases ASCII strings, called Transport Service Access Points (TSAPs), that identify client endpoints.

The TSAP used on the host server was guessed by trying a sample of possible values that are commonly used and easily attempted by trial and error.


Upgrade to Secure ICCP, select a pseudorandom 16-bit value, or restrict the port to authorized hosts.

Plugin Details

Severity: Medium

ID: 23812

File Name: scada_iccp_guess_cotp_tsap.nbin

Version: 1.27

Type: remote

Family: SCADA

Published: 2006/12/11

Modified: 2018/01/29

Dependencies: 23811

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: SCADA/ICCP

Excluded KB Items: SCADA/ICCP/Tamarack