Port 102 Details
known port assignments and vulnerabilities
6 records found
||Port used by X.400, X.500, ITOT, ISO-TSAP (Transport Service Access Point) protocol.
Microsoft Exchange uses this port for X.400 mail messaging traffic. No known vulnerabilities, but similar to data-driven attacks common to smtp plus possible direct attacks, such as with sendmail. Always static route inbound mail to a protected/hardened email server.
X.500 Directory Service - Used to distribute user names, user info and public keys.
Security Concerns: Depending on vendor implementation probes can reveal valuable user info for follow-on attacks. On poorly configured servers attackers can replace public keys for data capture or DOS purposes.
Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to TCP port 102 (aka the ISO-TSAP port).
Siemens SIMATIC S7-1200 is vulnerable to a denial of service. By sending specially-crafted ISO-TSAP packets to TCP port 102, a remote attacker could exploit this vulnerability to cause the device to go into defect mode until a cold restart is performed.
References: [XFDB-109688] [EDB-38964]
A vulnerability in Siemens SIMATIC STEP 7 (TIA Portal) could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability using man-in-the-middle techniques to intercept or modify Siemens industrial communications at TCP port 102.
References: [CVE-2015-1601] [XFDB-101004] [BID-72691]
Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102.
Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus.
Siemens SIMATIC CP 343-1 Advanced devices before 3.0.44, CP 343-1 Lean devices, CP 343-1 devices, TIM 3V-IE devices, TIM 3V-IE Advanced devices, TIM 3V-IE DNP3 devices, TIM 4R-IE devices, TIM 4R-IE DNP3 devices, CP 443-1 devices, and CP 443-1 Advanced devices might allow remote attackers to obtain administrative access via a session on TCP port 102.
Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102.
Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102.
References: [CVE-2016-2200], [XFDB-110522]
Siemens SIMATIC S7-300 is vulnerable to a denial of service. By sending specially-crafted packets to TCP port 102, a remote attacker could exploit this vulnerability to cause the device to go into defect mode.
References: [CVE-2016-3949] [XFDB-113903]
An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process (CP) of the RNA series module, if network access to Port 102/TCP is available and the configuration file for the CP is stored on the RNA's CPU.
References: [CVE-2017-6868], [BID-99234]
A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware variant Modbus TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the EN100 communication module if oscillographs are running. A manual restart is required to recover the EN100 module functionality. Successful exploitation requires an attacker with network access to send multiple packets to the EN100 module. As a precondition the IEC 61850-MMS communication needs to be activated on the affected EN100 modules. No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.
Delf, Skun trojans also use this port (TCP).
||ISO-TSAP (Transport Service Access Point) Class 0 protocol (official)
||tsap ISO-TSAP Class 0
||ISO Transport Service Access Point
||ISO-TSAP Class 0
Related ports: 103
« back to SG Ports
SANS Internet Storm Center: port 102
Well Known Ports: 0 through 1023.
Registered Ports: 1024 through 49151.
Dynamic/Private : 49152 through 65535.
TCP ports use the Transmission Control Protocol. TCP is the most commonly used protocol
on the Internet and any TCP/IP network. Whereas the IP protocol deals only with packets, TCP enables two hosts
to establish a connection and exchange streams of data. TCP guarantees delivery of data
and that packets will be delivered in the same order in which they were sent.
Guaranteed communication/delivery is the key difference between TCP and UDP.
UDP ports use the Datagram Protocol, a communications protocol for the Internet network,
transport, and session layers. Like TCP (Transmission Control Protocol),
UDP is used with IP (the Internet Protocol) and makes possible the transmission of datagrams
from one computer to applications on another computer, but unlike TCP, UDP is connectionless
and does not guarantee reliable communication; it's up to the application that received
the message to process any errors and verify correct delivery. UDP is often used with time-sensitive
applications, such as audio/video streaming, where dropping some packets is preferable to waiting for delayed data.
When troubleshooting unknown open ports, it is useful to find exactly what services/processes are listening to them.
This can be accomplished in both Windows command prompt and Linux variants using the "netstat -aon" command.
We also recommend runnig multiple anti-virus/anti-malware scans to rule out the possibility of active malicious software.
For more detailed and personalized help please use our forums.
Please use the "Add Comment" button below to provide additional information or comments about port 102.