CVE-2014-9201 — MEDIUM (6.4)

Q: How severe is CVE-2014-9201?

CVE-2014-9201 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-9201?

Check the references section above for vendor advisories and patch information. Affected products include: Beckwithelectric M-2001D Digital Tapchanger Control, Beckwithelectric M-6200 Digital Voltage Regulator Control, Beckwithelectric M-6200A Digital Voltage Regulator Control, Beckwithelectric M-6280 Digital Capacitor Bank Control, Beckwithelectric M-6280A Digital Capacitor Bank Control.

Vulnerability Description

Beckwith Electric M-6200 Digital Voltage Regulator Control with firmware before D-0198V04.07.00, M-6200A Digital Voltage Regulator Control with firmware before D-0228V02.01.07, M-2001D Digital Tapchanger Control with firmware before D-0214V01.10.04, M-6283A Three Phase Digital Capacitor Bank Control with firmware before D-0346V03.00.02, M-6280A Digital Capacitor Bank Control with firmware before D-0254V03.05.05, and M-6280 Digital Capacitor Bank Control do not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

CVSS Score

6.4

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:P

Confidentiality

PARTIAL

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Beckwithelectric	M-2001D Digital Tapchanger Control	-
Beckwithelectric	M-6200 Digital Voltage Regulator Control	-
Beckwithelectric	M-6200A Digital Voltage Regulator Control	-
Beckwithelectric	M-6280 Digital Capacitor Bank Control	-
Beckwithelectric	M-6280A Digital Capacitor Bank Control	-
Beckwithelectric	M-6283A Three Phase Digital Capacitor Bank Control	-
Beckwithelectric	M-2001D Digital Tapchanger Control D-0214 Firmware	<= 01.10.04
Beckwithelectric	M-6200 Digital Voltage Regulator Control D-0198 Firmware	<= 04.07.00
Beckwithelectric	M-6200A Digital Voltage Regulator Control D-0228 Firmware	<= 02.01.07
Beckwithelectric	M-6280 Digital Capacitor Bank Control Firmware	-
Beckwithelectric	M-6280A Digital Capacitor Bank Control D-0254 Firmware	<= 03.05.05
Beckwithelectric	M-6283A Three Phase Digital Capacitor Bank Control D-0346 Firmware	<= 03.00.02

Related Weaknesses (CWE)

CWE-20

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-153-01Third Party AdvisoryUS Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-153-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2014-9201?

CVE-2014-9201 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Beckwith Electric M-6200 Digital Voltage Regulator Control with firmware before D-0198V04.07.00, M-6200A Digital Voltage Regulator Control with firmware before D-0228V02.01.07, M-2001D Digital Tapchan...

How severe is CVE-2014-9201?

CVE-2014-9201 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-9201?

Check the references section above for vendor advisories and patch information. Affected products include: Beckwithelectric M-2001D Digital Tapchanger Control, Beckwithelectric M-6200 Digital Voltage Regulator Control, Beckwithelectric M-6200A Digital Voltage Regulator Control, Beckwithelectric M-6280 Digital Capacitor Bank Control, Beckwithelectric M-6280A Digital Capacitor Bank Control.