fkie_nvd - fkie_cve-2014-9196

FKIE_CVE-2014-9196

Vulnerability from fkie_nvd - Published: 2015-07-20 01:59 - Updated: 2025-09-05 21:15

Severity ?

Summary

Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/75936
ics-cert@hq.dhs.gov	https://www.cisa.gov/news-events/ics-advisories/icsa-15-006-01
ics-cert@hq.dhs.gov	https://www.eaton.com/cybersecurity
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/75936
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-15-006-01	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
eaton	proview	4.0
eaton	proview	5.0
eaton	proview	5.0.1
eaton	proview	5.0.2
eaton	proview	5.0.3
eaton	proview	5.0.4
eaton	proview	5.0.5
eaton	proview	5.0.6
eaton	proview	5.0.7
eaton	proview	5.0.8
eaton	proview	5.0.9
eaton	proview	5.0.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:eaton:proview:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "09E9D87B-D0F2-48DD-97F1-9CB5D7B319E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eaton:proview:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD294C06-DCE8-45B1-A59E-E45CB50CA089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eaton:proview:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91712733-5783-4B9A-8BD8-62A32229BC03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eaton:proview:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDCAC23C-22B9-4862-A967-453812EEAA3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eaton:proview:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "91DEAC57-6765-4470-963E-E9EC364657AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eaton:proview:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "955879A7-9F8F-47F2-B8F0-7D62AB69261D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eaton:proview:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADF48CE1-EC38-4F11-82D1-514C993AF1FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eaton:proview:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9705072-55EE-46E6-B124-8C7A20D6DC03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eaton:proview:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "04909702-7055-4822-BAB8-139EBF4E409C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eaton:proview:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7484B7D1-D109-4E5E-B26F-4FEB88E68EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eaton:proview:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64750AD-BAA4-4837-BA51-87019A585C91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eaton:proview:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BFA9727-CBCA-45BC-B4BA-0B5730C05450",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value."
    },
    {
      "lang": "es",
      "value": "\u0027ulnerabilidad en Eaton Cooper Power Systems ProView en las versiones 4.0 y 5.0 anterior a la 5.0 11 Form 6 controles e Idea e IdeaPLUS relay genera un n\u00famero TCP inicial de secuencia (ISN) de valores lineales, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos falsificar las sesiones TCP al predecir un valor ISN."
    }
  ],
  "id": "CVE-2014-9196",
  "lastModified": "2025-09-05T21:15:33.743",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary",
        "userInteractionRequired": false
      },
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-07-20T01:59:01.113",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "http://www.securityfocus.com/bid/75936"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-006-01"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://www.eaton.com/cybersecurity"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/75936"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-006-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-342"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-254"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

CVE-2014-9196 (GCVE-0-2014-9196)

Vulnerability from cvelistv5 – Published: 2015-07-20 01:00 – Updated: 2025-09-05 21:11

Summary

Severity ?

No CVSS data available.

CWE

CWE-342

Assigner

icscert

References

URL

Tags

	http://www.securityfocus.com/bid/75936	vdb-entryx_refsource_BID
	https://www.cisa.gov/news-events/ics-advisories/i…
	https://www.eaton.com/cybersecurity

Impacted products

Vendor

Product

Version

Eaton’s Cooper Power Systems

Series Form 6

Affected: Pro View 4.0 , ≤ Pro View 5.0 (custom)

Eaton’s Cooper Power Systems

Idea/IdeaPLUS relays

Affected: Pro View 4.0 , ≤ Pro View 5.0 (custom)

Credits

Dr. Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech, via a research project partially sponsored by the Georgia Tech National Electric Energy Testing Research and Applications Center (NEETRAC)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:40:24.315Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "75936",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75936"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-006-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Series Form 6",
          "vendor": "Eaton\u2019s Cooper Power Systems",
          "versions": [
            {
              "lessThanOrEqual": "Pro View 5.0",
              "status": "affected",
              "version": "Pro View 4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Idea/IdeaPLUS relays",
          "vendor": "Eaton\u2019s Cooper Power Systems",
          "versions": [
            {
              "lessThanOrEqual": "Pro View 5.0",
              "status": "affected",
              "version": "Pro View 4.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dr. Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech, via a research project partially sponsored by the Georgia Tech National Electric Energy Testing Research and Applications Center (NEETRAC)"
        }
      ],
      "datePublic": "2015-07-16T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eEaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.\u003c/p\u003e"
            }
          ],
          "value": "Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-342",
              "description": "CWE-342",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-05T21:11:15.864Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "75936",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/75936"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-006-01"
        },
        {
          "url": "https://www.eaton.com/cybersecurity"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eEaton\u2019s Cooper Power Systems division has developed ProView 5.0 \nRevision 11 software that mitigates this vulnerability, and the Form 6 \ncontrol version was released on June 12, 2015. Idea/IdeaPLUS relay \nProView software versions began to be posted on June 30, 2015. \nProView 5.0 Revision 11 will be compatible with any hardware and \nfirmware Versions 5.0 and higher. Versions below 5.0 may be updated with\n the appropriate and corresponding hardware upgrades. Information on how\n to obtain and install these available remedies is available at:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.cooperindustries.com/content/public/en/power_systems/resources/securitysupport.html\"\u003ehttp://www.cooperindustries.com/content/public/en/power_systems/resources/securitysupport.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eFor additional technical information, please contact Eaton\u2019s Cooper Power Systems at:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.eaton.com/cybersecurity\"\u003ehttps://www.eaton.com/cybersecurity\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Eaton\u2019s Cooper Power Systems division has developed ProView 5.0 \nRevision 11 software that mitigates this vulnerability, and the Form 6 \ncontrol version was released on June 12, 2015. Idea/IdeaPLUS relay \nProView software versions began to be posted on June 30, 2015. \nProView 5.0 Revision 11 will be compatible with any hardware and \nfirmware Versions 5.0 and higher. Versions below 5.0 may be updated with\n the appropriate and corresponding hardware upgrades. Information on how\n to obtain and install these available remedies is available at:\n\n\n http://www.cooperindustries.com/content/public/en/power_systems/resources/securitysupport.html \n\n\nFor additional technical information, please contact Eaton\u2019s Cooper Power Systems at:\n\n\n https://www.eaton.com/cybersecurity"
        }
      ],
      "source": {
        "advisory": "ICSA-15-006-01",
        "discovery": "EXTERNAL"
      },
      "title": "Eaton\u2019s Cooper Power Series Form 6 Control and Idea/IdeaPlus Relays with Ethernet",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eNo authentication mechanism was used for new socket connections to \nSCADA protocol listening ports on the Form 6 control and Idea/IdeaPLUS \nrelays. The effects of exploiting this vulnerability are the same as the\n effects of an attacker connecting directly to the control or network \nand listening for or initiating a new session, without exploiting any \nvulnerabilities. This underscores the importance of deploying network \nsegmentation and isolation on the control system network. By ensuring \nthat controls are not accessible from external networks and that \nappropriate physical security measures are provided at network access \npoints, risks associated with this vulnerability are greatly minimized.\u003c/p\u003e\n\u003cp\u003eEaton\u2019s Cooper Power Systems recommends that asset owners using these\n products take the proper steps to ensure system wide defense-in-depth \nstrategies, as outlined in Eaton\u2019s whitepaper WP152002EN. This \nwhitepaper can be downloaded at:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.eaton.com/content/dam/eaton/products/industrialcontrols-drives-automation-sensors/c441-motor-insight-motor-protection-relays/cyber-security-white-paper-wp152002en.pdf\"\u003ehttps://www.eaton.com/content/dam/eaton/products/industrialcontrols-drives-automation-sensors/c441-motor-insight-motor-protection-relays/cyber-security-white-paper-wp152002en.pdf\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "No authentication mechanism was used for new socket connections to \nSCADA protocol listening ports on the Form 6 control and Idea/IdeaPLUS \nrelays. The effects of exploiting this vulnerability are the same as the\n effects of an attacker connecting directly to the control or network \nand listening for or initiating a new session, without exploiting any \nvulnerabilities. This underscores the importance of deploying network \nsegmentation and isolation on the control system network. By ensuring \nthat controls are not accessible from external networks and that \nappropriate physical security measures are provided at network access \npoints, risks associated with this vulnerability are greatly minimized.\n\n\nEaton\u2019s Cooper Power Systems recommends that asset owners using these\n products take the proper steps to ensure system wide defense-in-depth \nstrategies, as outlined in Eaton\u2019s whitepaper WP152002EN. This \nwhitepaper can be downloaded at:\n\n\n https://www.eaton.com/content/dam/eaton/products/industrialcontrols-drives-automation-sensors/c441-motor-insight-motor-protection-relays/cyber-security-white-paper-wp152002en.pdf"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-9196",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "75936",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/75936"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-006-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-006-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-9196",
    "datePublished": "2015-07-20T01:00:00",
    "dateReserved": "2014-12-02T00:00:00",
    "dateUpdated": "2025-09-05T21:11:15.864Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2014-9196

CVE-2014-9196 (GCVE-0-2014-9196)

Tags

Sightings

Nomenclature