ICCP/COTP TSAP Addressing Weakness

medium Nessus Plugin ID 23812

Synopsis

It is possible to determine a COTP TSAP value on the remote ICCP server by trying possible values.

Description

The ICCP stack (and other protocols MMS and IEC 61850) includes ISO 7073 (RFC 905) at the Transport Layer. ISO 7073 specifies the Connection Oriented Transport Protocol (COTP) that includes a pair of user configurable 16-bit numeric, or in some cases ASCII string values, to identify client endpoints called Transport Service Access Points (TSAP's).

The TSAP used in the host server was guessed by trying a sample of possible values that are commonly used and easily attempted by trial-and-error.

Solution

Upgrade to Secure ICCP, select pseudorandom 16-bit value or restrict the port to authorized hosts.

Plugin Details

Severity: Medium

ID: 23812

File Name: scada_iccp_guess_cotp_tsap.nbin

Version: 1.78

Type: remote

Family: SCADA

Published: 12/11/2006

Updated: 7/17/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: SCADA/ICCP

Excluded KB Items: SCADA/ICCP/Tamarack