CVE-2014-9196

Summary

Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

Affected Software

VendorProductVersion RangeStatus
Eaton’s Cooper Power SystemsSeries Form 6Pro View 4.0 <= Pro View 5.0affected
Eaton’s Cooper Power SystemsIdea/IdeaPLUS relaysPro View 4.0 <= Pro View 5.0affected

Weaknesses

  • CWE-342: CWE-342

Workarounds

No authentication mechanism was used for new socket connections to SCADA protocol listening ports on the Form 6 control and Idea/IdeaPLUS relays. The effects of exploiting this vulnerability are the same as the effects of an attacker connecting directly to the control or network and listening for or initiating a new session, without exploiting any vulnerabilities. This underscores the importance of deploying network segmentation and isolation on the control system network. By ensuring that controls are not accessible from external networks and that appropriate physical security measures are provided at network access points, risks associated with this vulnerability are greatly minimized.

Eaton’s Cooper Power Systems recommends that asset owners using these products take the proper steps to ensure system wide defense-in-depth strategies, as outlined in Eaton’s whitepaper WP152002EN. This whitepaper can be downloaded at:

https://www.eaton.com/content/dam/eaton/products/industrialcontrols-drives-automation-sensors/c441-motor-insight-motor-protection-relays/cyber-security-white-paper-wp152002en.pdf

ADP Enrichment

CVE Program Container

Additional References

References