diff --git a/CHANGELOG b/CHANGELOG
index f7080ea00..60e93e4b0 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
+o [GH#716][NSE] Fix for oracle-tns-version which was sending an invalid TNS
+ probe due to a string escaping mixup. [Alexandr Savca]
+
 o [GH#671][NSE] New script cics-user-brute does brute-force enumeration of
 CICS usernames on IBM TN3270 services. [Soldier of Fortran]
 
diff --git a/scripts/oracle-tns-version.nse b/scripts/oracle-tns-version.nse
index ffed904c0..470e2611c 100644
--- a/scripts/oracle-tns-version.nse
+++ b/scripts/oracle-tns-version.nse
@@ -25,12 +25,14 @@ end
 -- Lifted from nmap-service-probes
 -- TODO: Figure out if we can send a better probe than this. We might need to
 -- send ADDRESS, CID, etc.
-local oracle_tns_probe = "\0Z\0\0\x01\0\0\0\x016\x01,\0\0\x08\0\x7F\xFF\x7F\x08\0\0\0\x01\0 \0:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\04\xE6\0\0\0\x01\0\0\0\0\0\0\0\0(CONNECT_DATA=(COMMAND=version))"
+local oracle_tns_probe = "\0Z\0\0\x01\0\0\0\x016\x01,\0\0\x08\0\x7F\xFF\x7F\x08\0\0\0\x01\0 \0:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x004\xE6\0\0\0\x01\0\0\0\0\0\0\0\0(CONNECT_DATA=(COMMAND=version))"
 
 local ERR_CODES = {
 ["1189"] = "unauthorized",
 ["1194"] = "insecure transport",
+ ["12154"] = "unknown identifier",
 ["12504"] = "requires service name",
+ ["12505"] = "unknown sid",
 ["12514"] = "unknown service name",
 }
 
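Review bot: The corrected `\x004` escape in `oracle_tns_probe` has no comment explaining why it is spelled that way, so the same mix-up can return the next time someone tidies the literal. Lua decimal escapes take up to three digits, so `\04` is the single byte 0x04; by my count that left the old probe one byte short of the 0x5A (90) length its first two bytes declare. I would add above the literal `-- "\x004" is NUL followed by ASCII "4"; "\04" would be the single byte 0x04 and shorten the packet`. It may also be worth a load-time check such as `assert(#oracle_tns_probe == 90, "TNS probe length mismatch")`, so a malformed probe fails loudly instead of quietly producing wrong version results. The code that sends the probe and reads `ERR_CODES` is outside this hunk, so how the new 12154 and 12505 entries are matched cannot be checked from here.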