diff --git a/scripts/lua/modules/alert_definitions/flow/alert_potentially_dangerous_protocol.lua b/attic/scripts/lua/modules/alert_definitions/alert_potentially_dangerous_protocol.lua
similarity index 100%
rename from scripts/lua/modules/alert_definitions/flow/alert_potentially_dangerous_protocol.lua
rename to attic/scripts/lua/modules/alert_definitions/alert_potentially_dangerous_protocol.lua
diff --git a/attic/scripts/lua/modules/alert_definitions/potentially_dangerous.lua b/attic/scripts/lua/modules/alert_definitions/potentially_dangerous.lua
new file mode 100644
index 0000000000..5d4a72a0e1
--- /dev/null
+++ b/attic/scripts/lua/modules/alert_definitions/potentially_dangerous.lua
@@ -0,0 +1,42 @@
+--
+-- (C) 2019-22 - ntop.org
+--
+
+local checks = require("checks")
+local alert_consts = require "alert_consts"
+local alerts_api = require "alerts_api"
+local flow_alert_keys = require "flow_alert_keys"
+
+-- #################################################################
+
+local script = {
+ -- Script category
+ category = checks.check_categories.security,
+
+ -- This script is only for alerts generation
+ alert_id = flow_alert_keys.flow_alert_potentially_dangerous,
+
+ default_value = {
+ },
+
+ gui = {
+ i18n_title = "flow_checks_config.potentially_dangerous_protocol",
+ i18n_description = "flow_checks_config.potentially_dangerous_protocol_description",
+ }
+}
+
+-- #################################################################
+
+function script.setup()
+ -- IMPORTANT: this check is essential to prevent users from running enterprise
+ -- scripts from pro
+ if(not ntop.isEnterpriseM()) then
+ return false
+ end
+
+ return true
+end
+
+-- #################################################################
+
+return script
diff --git a/include/flow_checks/IECInvalidCommandTransition.h b/include/flow_checks/IECInvalidCommandTransition.h
new file mode 100644
index 0000000000..6c486db90b
--- /dev/null
+++ b/include/flow_checks/IECInvalidCommandTransition.h
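Review bot: `alert_consts` and `alerts_api` are required at the top of potentially_dangerous.lua (lines 6 and 7 of the new file) but are never referenced anywhere in the 42-line file; luacheck reports both as unused locals and the two `require` calls add load-time work for nothing. Dropping `local alert_consts = require "alert_consts"` and `local alerts_api = require "alerts_api"` leaves `checks` and `flow_alert_keys`, which are the only modules the `script` table actually uses. Since the file is created directly under attic/, next to the renamed alert_potentially_dangerous_protocol.lua, a one-line header comment stating that it is archived rather than live check code would save the next reader from treating it as an active definition; I cannot tell from this diff whether anything still loads it from that path.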
@@ -0,0 +1,47 @@
+/*
+ *
+ * (C) 2013-22 - ntop.org
+ *
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ */
+
+#ifndef _IEC_INVALID_COMMAND_TRANSITION_H_
+#define _IEC_INVALID_COMMAND_TRANSITION_H_
+
+/**
+ * IMPORTANT: this is just a stop to avoid the error:
+ *
+ * [FlowChecksLoader.cpp:253] WARNING: Unable to find flow check 'iec_invalid_command_transition': skipping it
+ *
+ * cause the check is triggered by the IEC104Stats.cpp:300
+ */
+#include "ntop_includes.h"
+
+class IECInvalidCommandTransition : public FlowCheck {
+ private:
+
+ public:
+ IECInvalidCommandTransition() : FlowCheck(ntopng_edition_community,
+ false /* All interfaces */, false /* Don't exclude for nEdge */,
+ false /* NOT only for nEdge */, false /* has_protocol_detected */,
+ false /* has_periodic_update */, false /* has_flow_end */) {};
+ ~IECInvalidCommandTransition() {};
+
+ std::string getName() const { return(std::string("iec_invalid_command_transition")); }
+};
+
+#endif /* _IEC_INVALID_COMMAND_TRANSITION_H_ */
diff --git a/include/flow_checks_includes.h b/include/flow_checks_includes.h
index f8e0afaac5..fb7e087e8c 100644
--- a/include/flow_checks_includes.h
+++ b/include/flow_checks_includes.h
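Review bot: The constructor passes false for has_protocol_detected, has_periodic_update and has_flow_end, so IECInvalidCommandTransition is registered but none of its check callbacks can ever be invoked; the explanatory comment above `#include "ntop_includes.h"` says as much but calls it a "stop" (presumably "stub") and pins the rationale to `FlowChecksLoader.cpp:253` and `IEC104Stats.cpp:300`, line numbers that will drift with the next edit to either file. I would reword that block as `IMPORTANT: this is a stub whose only purpose is to let FlowChecksLoader resolve the name 'iec_invalid_command_transition'; the alert itself is raised from IEC104Stats, not from this check.` and refer to the symbols rather than line numbers. Because the check object never executes, it is worth confirming that whatever per-check configuration the loader attaches to the registered name (enabled state, score/severity) is still consulted by the IEC104Stats code path, otherwise a user disabling this check from the configuration would have no effect on the alert being raised; that cannot be verified from this diff. Minor style: the trailing semicolons after the `{}` constructor and destructor bodies and the empty `private:` section are harmless but unnecessary.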
@@ -61,6 +61,7 @@
 #include "flow_checks/FlowRiskUnidirectionalTraffic.h"
 #include "flow_checks/IECUnexpectedTypeId.h"
 #include "flow_checks/IECInvalidTransition.h"
+#include "flow_checks/IECInvalidCommandTransition.h"
 #include "flow_checks/LowGoodputFlow.h"
 #include "flow_checks/NotPurged.h"
 #include "flow_checks/RemoteAccess.h"
diff --git a/src/FlowChecksLoader.cpp b/src/FlowChecksLoader.cpp
index 7de39c2f7d..71e0e0c5c7 100644
--- a/src/FlowChecksLoader.cpp
+++ b/src/FlowChecksLoader.cpp
@@ -100,6 +100,7 @@ void FlowChecksLoader::registerChecks() {
 if((fcb = new FlowRiskUnidirectionalTraffic())) registerCheck(fcb);
 if((fcb = new IECUnexpectedTypeId())) registerCheck(fcb);
 if((fcb = new IECInvalidTransition())) registerCheck(fcb);
+ if((fcb = new IECInvalidCommandTransition())) registerCheck(fcb);
 if((fcb = new LowGoodputFlow())) registerCheck(fcb);
 if((fcb = new NotPurged())) registerCheck(fcb);
 if((fcb = new RemoteAccess())) registerCheck(fcb);