cnvd - cnvd-2015-00442

CNVD-2015-00442

Vulnerability from cnvd - Published: 2015-01-21

Title

Arbiter Systems GPS Clock存在漏洞

Description

Arbiter 1094B GPS Substation Clock是高精度GPS时序和功耗测量解决方案。 Arbiter 1094B GPS Substation Clock存在安全漏洞，允许攻击者利用此漏洞通过特制的无线电传输伪造GPS卫星广播，造成服务中断。

Severity

高

Patch Name

Arbiter Systems GPS Clock存在漏洞的补丁

Patch Description

Arbiter 1094B GPS Substation Clock是高精度GPS时序和功耗测量解决方案。 Arbiter 1094B GPS Substation Clock存在安全漏洞，允许攻击者利用此漏洞通过特制的无线电传输伪造GPS卫星广播，造成服务中断。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布升级补丁/版本以修复这个安全问题，请用户及时下载更新： http://www.arbiter.com/contact/index.php

Reference

http://www.securityfocus.com/bid/72098 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9194

Impacted products

Name
Arbiter GPS Substation Clock 1094B

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "72098"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-9194"
    }
  },
  "description": "Arbiter 1094B GPS Substation Clock\u662f\u9ad8\u7cbe\u5ea6GPS\u65f6\u5e8f\u548c\u529f\u8017\u6d4b\u91cf\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nArbiter 1094B GPS Substation Clock\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u901a\u8fc7\u7279\u5236\u7684\u65e0\u7ebf\u7535\u4f20\u8f93\u4f2a\u9020GPS\u536b\u661f\u5e7f\u64ad\uff0c\u9020\u6210\u670d\u52a1\u4e2d\u65ad\u3002",
  "discovererName": "Arbiter",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u5347\u7ea7\u8865\u4e01/\u7248\u672c\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u7528\u6237\u53ca\u65f6\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttp://www.arbiter.com/contact/index.php",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-00442",
  "openTime": "2015-01-21",
  "patchDescription": "Arbiter 1094B GPS Substation Clock\u662f\u9ad8\u7cbe\u5ea6GPS\u65f6\u5e8f\u548c\u529f\u8017\u6d4b\u91cf\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nArbiter 1094B GPS Substation Clock\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u901a\u8fc7\u7279\u5236\u7684\u65e0\u7ebf\u7535\u4f20\u8f93\u4f2a\u9020GPS\u536b\u661f\u5e7f\u64ad\uff0c\u9020\u6210\u670d\u52a1\u4e2d\u65ad\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Arbiter Systems GPS Clock\u5b58\u5728\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Arbiter GPS Substation Clock 1094B"
  },
  "referenceLink": "http://www.securityfocus.com/bid/72098\r\nhttp://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9194",
  "serverity": "\u9ad8",
  "submitTime": "2015-01-20",
  "title": "Arbiter Systems GPS Clock\u5b58\u5728\u6f0f\u6d1e"
}

CVE-2014-9194 (GCVE-0-2014-9194)

Vulnerability from cvelistv5 – Published: 2015-01-17 02:00 – Updated: 2025-07-29 16:56

Summary

Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts.

Severity ?

No CVSS data available.

CWE

CWE-345

Assigner

icscert

References

URL

Tags

	https://www.cisa.gov/news-events/ics-advisories/i…
	http://www.arbiter.com/contact/index.php

Impacted products

	Vendor	Product	Version
	Arbiter Systems	Model 1094B GPS Substation Clock	Affected: all versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:40:23.230Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Model 1094B GPS Substation Clock",
          "vendor": "Arbiter Systems",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "datePublic": "2015-01-13T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eArbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts.\u003c/p\u003e"
            }
          ],
          "value": "Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.4,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-345",
              "description": "CWE-345",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-29T16:56:53.800Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-345-01"
        },
        {
          "url": "http://www.arbiter.com/contact/index.php"
        }
      ],
      "source": {
        "advisory": "ICSA-14-345-01",
        "discovery": "UNKNOWN"
      },
      "title": "Arbiter Systems 1094B GPS Clock Insufficient Verification of Data Authenticity",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eArbiter Systems would like to stress that they have not heard of this\n vulnerability being exploited in an actual control system. They have \ncreated a new product line, the 1200 series, which is not vulnerable to \nthis type of attack.\u003c/p\u003e\n\u003cp\u003eArbiter Systems plans to continue to sell the 1094B model clock, \nbecause it is difficult to spoof the GPS signal and not likely to \nhappen. In the unlikely event that the 1094B has been compromised, it \ncan be recovered by removing and replacing the internal receiver \nbattery. Arbiter Systems plans to investigate the feasibility of \nchanging this model to protect against this type of exploit.\u003c/p\u003e\n\u003cp\u003ePlease contact Arbiter Systems Technical Support for additional questions:\u003c/p\u003e\u003cp\u003ePhone: 1-800-321-3831 or 1-805-237-3831\u003cbr\u003eEmail: \u003ca target=\"_blank\" rel=\"nofollow\"\u003etechsupport@arbiter.com\u003c/a\u003e\u003c/p\u003e\u003cp\u003eWeb: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.arbiter.com/contact/index.php\"\u003ehttp://www.arbiter.com/contact/index.php\u003c/a\u003e\n\n\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Arbiter Systems would like to stress that they have not heard of this\n vulnerability being exploited in an actual control system. They have \ncreated a new product line, the 1200 series, which is not vulnerable to \nthis type of attack.\n\n\nArbiter Systems plans to continue to sell the 1094B model clock, \nbecause it is difficult to spoof the GPS signal and not likely to \nhappen. In the unlikely event that the 1094B has been compromised, it \ncan be recovered by removing and replacing the internal receiver \nbattery. Arbiter Systems plans to investigate the feasibility of \nchanging this model to protect against this type of exploit.\n\n\nPlease contact Arbiter Systems Technical Support for additional questions:\n\nPhone: 1-800-321-3831 or 1-805-237-3831\nEmail:  http://www.arbiter.com/contact/index.php"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-9194",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-9194",
    "datePublished": "2015-01-17T02:00:00",
    "dateReserved": "2014-12-02T00:00:00",
    "dateUpdated": "2025-07-29T16:56:53.800Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-00442

CVE-2014-9194 (GCVE-0-2014-9194)

Tags

Sightings

Nomenclature