CVE-2014-9201

Published Jun 5, 2015

Last updated 9 years ago

CVSS info 6.4

Overview

Description: Beckwith Electric M-6200 Digital Voltage Regulator Control with firmware before D-0198V04.07.00, M-6200A Digital Voltage Regulator Control with firmware before D-0228V02.01.07, M-2001D Digital Tapchanger Control with firmware before D-0214V01.10.04, M-6283A Three Phase Digital Capacitor Bank Control with firmware before D-0346V03.00.02, M-6280A Digital Capacitor Bank Control with firmware before D-0254V03.05.05, and M-6280 Digital Capacitor Bank Control do not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.
Source: ics-cert@hq.dhs.gov
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:beckwithelectric:m-2001d_digital_tapchanger_control:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5887C1B7-6F67-40BC-AD30-EDE2A41C927D"
          },
          {
            "criteria": "cpe:2.3:h:beckwithelectric:m-6200_digital_voltage_regulator_control:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57F30CF8-8FCF-42D9-9B39-D959429ED769"
          },
          {
            "criteria": "cpe:2.3:h:beckwithelectric:m-6200a_digital_voltage_regulator_control:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7048ABB-7792-4D1C-9F41-0C43174A718B"
          },
          {
            "criteria": "cpe:2.3:h:beckwithelectric:m-6280_digital_capacitor_bank_control:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "011AD704-1724-43CC-85EF-7AA1765EDB3B"
          },
          {
            "criteria": "cpe:2.3:h:beckwithelectric:m-6280a_digital_capacitor_bank_control:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3DA7C7D-85FB-47E6-9D20-FE4F53EAC4C2"
          },
          {
            "criteria": "cpe:2.3:h:beckwithelectric:m-6283a_three_phase_digital_capacitor_bank_control:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "286B76C5-6D03-4E70-985B-A1B60E86C6DF"
          },
          {
            "criteria": "cpe:2.3:o:beckwithelectric:m-2001d_digital_tapchanger_control_d-0214_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1031150D-C53C-4DF8-97C7-E3D41DF4C196",
            "versionEndIncluding": "01.10.04"
          },
          {
            "criteria": "cpe:2.3:o:beckwithelectric:m-6200_digital_voltage_regulator_control_d-0198_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5D190EA-400D-4624-A6EB-D0140DCA9D77",
            "versionEndIncluding": "04.07.00"
          },
          {
            "criteria": "cpe:2.3:o:beckwithelectric:m-6200a_digital_voltage_regulator_control_d-0228_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE2F6366-C2DB-44C2-B389-371E34EAF9B6",
            "versionEndIncluding": "02.01.07"
          },
          {
            "criteria": "cpe:2.3:o:beckwithelectric:m-6280_digital_capacitor_bank_control_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FB63219-FBE1-4F96-9272-E1A97456B601"
          },
          {
            "criteria": "cpe:2.3:o:beckwithelectric:m-6280a_digital_capacitor_bank_control_d-0254_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21CF5B1A-A569-46FA-9CD3-0BFBE3FB61B2",
            "versionEndIncluding": "03.05.05"
          },
          {
            "criteria": "cpe:2.3:o:beckwithelectric:m-6283a_three_phase_digital_capacitor_bank_control_d-0346_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE1B59AD-33D6-4901-B2C4-F6A7498BFA7B",
            "versionEndIncluding": "03.00.02"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References