ID

VAR-201506-0208


CVE

CVE-2014-9201


TITLE

TCP session impersonation vulnerability in multiple Beckwith Electric products

Trust: 0.8

sources: JVNDB: JVNDB-2014-008070

DESCRIPTION

Beckwith Electric M-6200 Digital Voltage Regulator Control with firmware before D-0198V04.07.00, M-6200A Digital Voltage Regulator Control with firmware before D-0228V02.01.07, M-2001D Digital Tapchanger Control with firmware before D-0214V01.10.04, M-6283A Three Phase Digital Capacitor Bank Control with firmware before D-0346V03.00.02, M-6280A Digital Capacitor Bank Control with firmware before D-0254V03.05.05, and M-6280 Digital Capacitor Bank Control do not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

Multiple Beckwith Electric products do not properly generate TCP initial sequence number (ISN) values, so a vulnerability exists that allows TCP sessions to be spoofed. By predicting the ISN value, a third party may be able to impersonate TCP sessions.

Beckwith Electric is a United States vendor of transformer devices. A security bypass vulnerability exists in several Beckwith Electric products.

An attacker can exploit this issue to gain access to sensitive information, to cause a denial-of-service condition or session hijacking, and to perform certain unauthorized actions; this may lead to further attacks.

Trust: 2.52

sources: NVD: CVE-2014-9201 // JVNDB: JVNDB-2014-008070 // CNVD: CNVD-2015-03660 // BID: 74970 // VULHUB: VHN-77146

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-03660

AFFECTED PRODUCTS

vendor:beckwithelectricmodel:m-6280 digital capacitor bank controlscope:eqversion: -

Trust: 3.2

vendor:beckwith electricmodel:m-6280 digital capacitor bank controlscope: - version: -

Trust: 1.6

vendor:beckwithelectricmodel:m-6200a digital voltage regulator controlscope:eqversion: -

Trust: 1.6

vendor:beckwithelectricmodel:m-6280a digital capacitor bank controlscope:eqversion: -

Trust: 1.6

vendor:beckwithelectricmodel:m-6283a three phase digital capacitor bank controlscope:eqversion: -

Trust: 1.6

vendor:beckwithelectricmodel:m-2001d digital tapchanger controlscope:eqversion: -

Trust: 1.6

vendor:beckwithelectricmodel:m-6200a digital voltage regulator control d-0228scope:lteversion:02.01.07

Trust: 1.0

vendor:beckwithelectricmodel:m-6200 digital voltage regulator control d-0198scope:lteversion:04.07.00

Trust: 1.0

vendor:beckwithelectricmodel:m-6200 digital voltage regulator controlscope:eqversion: -

Trust: 1.0

vendor:beckwithelectricmodel:m-6280a digital capacitor bank control d-0254scope:lteversion:03.05.05

Trust: 1.0

vendor:beckwithelectricmodel:m-2001d digital tapchanger control d-0214scope:lteversion:01.10.04

Trust: 1.0

vendor:beckwithelectricmodel:m-6283a three phase digital capacitor bank control d-0346scope:lteversion:03.00.02

Trust: 1.0

vendor:beckwith electricmodel:m-2001d digital tapchanger controlscope: - version: -

Trust: 0.8

vendor:beckwith electricmodel:m-2001d digital tapchanger controlscope:ltversion:d-0214v01.10.04

Trust: 0.8

vendor:beckwith electricmodel:m-6200 digital voltage regulator controlscope: - version: -

Trust: 0.8

vendor:beckwith electricmodel:m-6200 digital voltage regulator controlscope:ltversion:d-0198v04.07.00

Trust: 0.8

vendor:beckwith electricmodel:m-6200a digital voltage regulator controlscope: - version: -

Trust: 0.8

vendor:beckwith electricmodel:m-6200a digital voltage regulator controlscope:ltversion:d-0228v02.01.07

Trust: 0.8

vendor:beckwith electricmodel:m-6280a digital capacitor bank controlscope: - version: -

Trust: 0.8

vendor:beckwith electricmodel:m-6280a digital capacitor bank controlscope:ltversion:d-0254v03.05.05

Trust: 0.8

vendor:beckwith electricmodel:m-6283a three phase digital capacitor bank controlscope: - version: -

Trust: 0.8

vendor:beckwith electricmodel:m-6283a three phase digital capacitor bank controlscope:ltversion:d-0346v03.00.02

Trust: 0.8

vendor:beckwithmodel:electric m-6200 digital voltage regulator control d-0198v04.07.00scope:ltversion: -

Trust: 0.6

vendor:beckwithmodel:electric m-6200a digital voltage regulator control d-0228v02.01.07scope:ltversion: -

Trust: 0.6

vendor:beckwithmodel:electric m-2001d digital tapchanger control d-0214v01.10.04scope:ltversion: -

Trust: 0.6

vendor:beckwithmodel:electric m-6283a three phase digital capacitor bank control d-0346v03.00.02scope:ltversion: -

Trust: 0.6

vendor:beckwithmodel:electric m-6280a digital capacitor bank control d-0254v03.05.05scope:ltversion: -

Trust: 0.6

vendor:beckwithmodel:electric m-6280 digital capacitor bank controlscope: - version: -

Trust: 0.6

vendor:beckwithelectricmodel:m-6200a digital voltage regulator control d-0228scope:eqversion:02.01.07

Trust: 0.6

vendor:beckwithelectricmodel:m-2001d digital tapchanger control d-0214scope:eqversion:01.10.04

Trust: 0.6

vendor:beckwithelectricmodel:m-6280a digital capacitor bank control d-0254scope:eqversion:03.05.05

Trust: 0.6

vendor:beckwithelectricmodel:m-6283a three phase digital capacitor bank control d-0346scope:eqversion:03.00.02

Trust: 0.6

vendor:beckwithmodel:electric m-6283a three phase digital capacitor bank controlscope:eqversion:0

Trust: 0.3

vendor:beckwithmodel:electric m-6280a digital capacitor bank controlscope:eqversion:0

Trust: 0.3

vendor:beckwithmodel:electric m-6280 digital capacitor bank controlscope:eqversion:0

Trust: 0.3

vendor:beckwithmodel:electric m-6200a digital voltage regulator controlscope:eqversion:0

Trust: 0.3

vendor:beckwithmodel:electric m-6200 digital voltage regulator controlscope:eqversion:0

Trust: 0.3

vendor:beckwithmodel:electric m-2001d digital tapchanger controlscope:eqversion:0

Trust: 0.3

vendor:beckwithmodel:electric m-6283a three phase digital capacitor bank control d-0346v03.00.02scope:neversion: -

Trust: 0.3

vendor:beckwithmodel:electric m-6280a digital capacitor bank control d-0254v03.05.05scope:neversion: -

Trust: 0.3

vendor:beckwithmodel:electric m-6200a digital voltage regulator control d-0228v02.01.07scope:neversion: -

Trust: 0.3

vendor:beckwithmodel:electric m-6200 digital voltage regulator control d-0198v04.07.00scope:neversion: -

Trust: 0.3

vendor:beckwithmodel:electric m-2001d digital tapchanger control d-0214v01.10.04scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2015-03660 // BID: 74970 // JVNDB: JVNDB-2014-008070 // CNNVD: CNNVD-201506-060 // NVD: CVE-2014-9201

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9201
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-9201
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-03660
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201506-060
value: MEDIUM

Trust: 0.6

VULHUB: VHN-77146
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-9201
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-03660
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-77146
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-03660 // VULHUB: VHN-77146 // JVNDB: JVNDB-2014-008070 // CNNVD: CNNVD-201506-060 // NVD: CVE-2014-9201

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-77146 // JVNDB: JVNDB-2014-008070 // NVD: CVE-2014-9201

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-060

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201506-060

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008070

PATCH

title:Top Pageurl:http://www.beckwithelectric.com/

Trust: 0.8

title:Patch for the Beckwith Electric security bypass vulnerability caused by incorrectly generated TCP ISN valuesurl:https://www.cnvd.org.cn/patchInfo/show/59464

Trust: 0.6

sources: CNVD: CNVD-2015-03660 // JVNDB: JVNDB-2014-008070

EXTERNAL IDS

db:ICS CERTid:ICSA-15-153-01

Trust: 3.4

db:NVDid:CVE-2014-9201

Trust: 3.4

db:BIDid:74970

Trust: 1.6

db:JVNDBid:JVNDB-2014-008070

Trust: 0.8

db:CNNVDid:CNNVD-201506-060

Trust: 0.7

db:CNVDid:CNVD-2015-03660

Trust: 0.6

db:VULHUBid:VHN-77146

Trust: 0.1

sources: CNVD: CNVD-2015-03660 // VULHUB: VHN-77146 // BID: 74970 // JVNDB: JVNDB-2014-008070 // CNNVD: CNNVD-201506-060 // NVD: CVE-2014-9201

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-15-153-01

Trust: 3.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9201

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9201

Trust: 0.8

url:http://www.securityfocus.com/bid/74970

Trust: 0.6

url:http://www.beckwithelectric.com/

Trust: 0.3

sources: CNVD: CNVD-2015-03660 // VULHUB: VHN-77146 // BID: 74970 // JVNDB: JVNDB-2014-008070 // CNNVD: CNNVD-201506-060 // NVD: CVE-2014-9201

CREDITS

Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech.

Trust: 0.9

sources: BID: 74970 // CNNVD: CNNVD-201506-060

SOURCES

db:CNVDid:CNVD-2015-03660
db:VULHUBid:VHN-77146
db:BIDid:74970
db:JVNDBid:JVNDB-2014-008070
db:CNNVDid:CNNVD-201506-060
db:NVDid:CVE-2014-9201

LAST UPDATE DATE

2025-04-13T20:05:22.625000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2015-03660date:2015-06-10T00:00:00
db:VULHUBid:VHN-77146date:2015-06-05T00:00:00
db:BIDid:74970date:2015-06-03T00:00:00
db:JVNDBid:JVNDB-2014-008070date:2015-06-08T00:00:00
db:CNNVDid:CNNVD-201506-060date:2015-06-08T00:00:00
db:NVDid:CVE-2014-9201date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:CNVDid:CNVD-2015-03660date:2015-06-10T00:00:00
db:VULHUBid:VHN-77146date:2015-06-05T00:00:00
db:BIDid:74970date:2015-06-03T00:00:00
db:JVNDBid:JVNDB-2014-008070date:2015-06-08T00:00:00
db:CNNVDid:CNNVD-201506-060date:2015-06-05T00:00:00
db:NVDid:CVE-2014-9201date:2015-06-05T10:59:00.083