topic Threat ID 31671 - SCADA ICCP Unauthorized COTP Connection Established in Advanced Threat Prevention Discussions https://live.paloaltonetworks.com/t5/advanced-threat-prevention/threat-id-31671-scada-iccp-unauthorized-cotp-connection/m-p/1231001#M2452 <P>I think the description of "Threat ID: 31671 - <SPAN>SCADA ICCP Unauthorized COTP Connection Established"&nbsp;</SPAN>is incorrect. Below is the description of the Threat, but it describes a successful connection there doesn't seem to be anything malicious to it. I'm thinking more should have been added to the description to describe why the threat is malicious.</P> <P>&nbsp;</P> <P><SPAN>"SCADA is the abbreviation for Supervisory Control And Data Acquisition. It generally refers to an industrial control system: a computer system monitoring and controlling a process. This alert indicates that an ICCP client has successfully connected using OSI Connection Oriented Transport Protocol."</SPAN></P> Thu, 05 Jun 2025 00:49:39 GMT K.Nand 2025-06-05T00:49:39Z Threat ID 31671 - SCADA ICCP Unauthorized COTP Connection Established https://live.paloaltonetworks.com/t5/advanced-threat-prevention/threat-id-31671-scada-iccp-unauthorized-cotp-connection/m-p/1231001#M2452 <P>I think the description of "Threat ID: 31671 - <SPAN>SCADA ICCP Unauthorized COTP Connection Established"&nbsp;</SPAN>is incorrect. Below is the description of the Threat, but it describes a successful connection there doesn't seem to be anything malicious to it. I'm thinking more should have been added to the description to describe why the threat is malicious.</P> <P>&nbsp;</P> <P><SPAN>"SCADA is the abbreviation for Supervisory Control And Data Acquisition. It generally refers to an industrial control system: a computer system monitoring and controlling a process. This alert indicates that an ICCP client has successfully connected using OSI Connection Oriented Transport Protocol."</SPAN></P> Thu, 05 Jun 2025 00:49:39 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/threat-id-31671-scada-iccp-unauthorized-cotp-connection/m-p/1231001#M2452 K.Nand 2025-06-05T00:49:39Z Re: Threat ID 31671 - SCADA ICCP Unauthorized COTP Connection Established https://live.paloaltonetworks.com/t5/advanced-threat-prevention/threat-id-31671-scada-iccp-unauthorized-cotp-connection/m-p/1237544#M2471 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1547639109">@K.Nand</a>&nbsp;,</P> <P>&nbsp;</P> <P>The threat isn't the connection itself; it's the fact that the connection is unauthorized. The alert is telling you that a connection was successfully established to a sensitive SCADA system by a source that should not be making that connection.</P> <P>&nbsp;</P> <P>Kind regards,</P> <P>-Kim.</P> Tue, 09 Sep 2025 09:10:12 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/threat-id-31671-scada-iccp-unauthorized-cotp-connection/m-p/1237544#M2471 kiwi 2025-09-09T09:10:12Z