CVE-2014-9196 - Vulnerability Details - OpenCVE

ReportizFlow

Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:H/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Eaton	Proview

Configuration 1 [-]

OR	cpe:2.3:a:eaton:proview:4.0:::::::*
	cpe:2.3:a:eaton:proview:5.0:::::::*
	cpe:2.3:a:eaton:proview:5.0.1:::::::*
	cpe:2.3:a:eaton:proview:5.0.2:::::::*
	cpe:2.3:a:eaton:proview:5.0.3:::::::*
	cpe:2.3:a:eaton:proview:5.0.4:::::::*
	cpe:2.3:a:eaton:proview:5.0.5:::::::*
	cpe:2.3:a:eaton:proview:5.0.6:::::::*
	cpe:2.3:a:eaton:proview:5.0.7:::::::*
	cpe:2.3:a:eaton:proview:5.0.8:::::::*
	cpe:2.3:a:eaton:proview:5.0.9:::::::*
	cpe:2.3:a:eaton:proview:5.0.10:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/75936
https://ics-cert.us-cert.gov/advisories/ICSA-15-006-01
https://www.cisa.gov/news-events/ics-advisories/icsa-15-006-01
https://www.eaton.com/cybersecurity

History

Fri, 05 Sep 2025 21:15:00 +0000

Type	Values Removed	Values Added
Title		Eaton’s Cooper Power Series Form 6 Control and Idea/IdeaPlus Relays with Ethernet
Weaknesses		CWE-342
References		https://www.cisa.gov/news-events/ics-advisories/icsa-15-006-01 https://www.eaton.com/cybersecurity
Metrics	cvssV2_0 `{'score': 9.3, 'vector': 'AV:N/AC:M/Au:N/C:C/I:C/A:C'}`	cvssV2_0 `{'score': 7.6, 'vector': 'AV:N/AC:H/Au:N/C:C/I:C/A:C'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2015-07-20T01:00:00

Updated: 2025-09-05T21:11:15.864Z

Reserved: 2014-12-02T00:00:00

Link: CVE-2014-9196

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-07-20T01:59:01.113

Modified: 2025-09-05T21:15:33.743

Link: CVE-2014-9196

Redhat

No data.

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Series Form 6", "vendor": "Eaton\u2019s Cooper Power Systems", "versions": [{"lessThanOrEqual": "Pro View 5.0", "status": "affected", "version": "Pro View 4.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Idea/IdeaPLUS relays", "vendor": "Eaton\u2019s Cooper Power Systems", "versions": [{"lessThanOrEqual": "Pro View 5.0", "status": "affected", "version": "Pro View 4.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Dr. Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech, via a research project partially sponsored by the Georgia Tech National Electric Energy Testing Research and Applications Center (NEETRAC)"}], "datePublic": "2015-07-16T06:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.</p>"}], "value": "Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value."}], "metrics": [{"cvssV2_0": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-342", "description": "CWE-342", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-09-05T21:11:15.864Z"}, "references": [{"name": "75936", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/75936"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-006-01"}, {"url": "https://www.eaton.com/cybersecurity"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Eaton\u2019s Cooper Power Systems division has developed ProView 5.0 \nRevision 11 software that mitigates this vulnerability, and the Form 6 \ncontrol version was released on June 12, 2015. Idea/IdeaPLUS relay \nProView software versions began to be posted on June 30, 2015. \nProView 5.0 Revision 11 will be compatible with any hardware and \nfirmware Versions 5.0 and higher. Versions below 5.0 may be updated with\n the appropriate and corresponding hardware upgrades. Information on how\n to obtain and install these available remedies is available at:</p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"http://www.cooperindustries.com/content/public/en/power_systems/resources/securitysupport.html\">http://www.cooperindustries.com/content/public/en/power_systems/resources/securitysupport.html</a></p>\n<p>For additional technical information, please contact Eaton\u2019s Cooper Power Systems at:</p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.eaton.com/cybersecurity\">https://www.eaton.com/cybersecurity</a></p>\n\n<br>"}], "value": "Eaton\u2019s Cooper Power Systems division has developed ProView 5.0 \nRevision 11 software that mitigates this vulnerability, and the Form 6 \ncontrol version was released on June 12, 2015. Idea/IdeaPLUS relay \nProView software versions began to be posted on June 30, 2015. \nProView 5.0 Revision 11 will be compatible with any hardware and \nfirmware Versions 5.0 and higher. Versions below 5.0 may be updated with\n the appropriate and corresponding hardware upgrades. Information on how\n to obtain and install these available remedies is available at:\n\n\n http://www.cooperindustries.com/content/public/en/power_systems/resources/securitysupport.html \n\n\nFor additional technical information, please contact Eaton\u2019s Cooper Power Systems at:\n\n\n https://www.eaton.com/cybersecurity"}], "source": {"advisory": "ICSA-15-006-01", "discovery": "EXTERNAL"}, "title": "Eaton\u2019s Cooper Power Series Form 6 Control and Idea/IdeaPlus Relays with Ethernet", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>No authentication mechanism was used for new socket connections to \nSCADA protocol listening ports on the Form 6 control and Idea/IdeaPLUS \nrelays. The effects of exploiting this vulnerability are the same as the\n effects of an attacker connecting directly to the control or network \nand listening for or initiating a new session, without exploiting any \nvulnerabilities. This underscores the importance of deploying network \nsegmentation and isolation on the control system network. By ensuring \nthat controls are not accessible from external networks and that \nappropriate physical security measures are provided at network access \npoints, risks associated with this vulnerability are greatly minimized.</p>\n<p>Eaton\u2019s Cooper Power Systems recommends that asset owners using these\n products take the proper steps to ensure system wide defense-in-depth \nstrategies, as outlined in Eaton\u2019s whitepaper WP152002EN. This \nwhitepaper can be downloaded at:</p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.eaton.com/content/dam/eaton/products/industrialcontrols-drives-automation-sensors/c441-motor-insight-motor-protection-relays/cyber-security-white-paper-wp152002en.pdf\">https://www.eaton.com/content/dam/eaton/products/industrialcontrols-drives-automation-sensors/c441-motor-insight-motor-protection-relays/cyber-security-white-paper-wp152002en.pdf</a></p>\n\n<br>"}], "value": "No authentication mechanism was used for new socket connections to \nSCADA protocol listening ports on the Form 6 control and Idea/IdeaPLUS \nrelays. The effects of exploiting this vulnerability are the same as the\n effects of an attacker connecting directly to the control or network \nand listening for or initiating a new session, without exploiting any \nvulnerabilities. This underscores the importance of deploying network \nsegmentation and isolation on the control system network. By ensuring \nthat controls are not accessible from external networks and that \nappropriate physical security measures are provided at network access \npoints, risks associated with this vulnerability are greatly minimized.\n\n\nEaton\u2019s Cooper Power Systems recommends that asset owners using these\n products take the proper steps to ensure system wide defense-in-depth \nstrategies, as outlined in Eaton\u2019s whitepaper WP152002EN. This \nwhitepaper can be downloaded at:\n\n\n https://www.eaton.com/content/dam/eaton/products/industrialcontrols-drives-automation-sensors/c441-motor-insight-motor-protection-relays/cyber-security-white-paper-wp152002en.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2014-9196", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "75936", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75936"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-006-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-006-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:40:24.315Z"}, "title": "CVE Program Container", "references": [{"name": "75936", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/75936"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-006-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-9196", "datePublished": "2015-07-20T01:00:00", "dateReserved": "2014-12-02T00:00:00", "dateUpdated": "2025-09-05T21:11:15.864Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eaton:proview:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "09E9D87B-D0F2-48DD-97F1-9CB5D7B319E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:eaton:proview:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD294C06-DCE8-45B1-A59E-E45CB50CA089", "vulnerable": true}, {"criteria": "cpe:2.3:a:eaton:proview:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "91712733-5783-4B9A-8BD8-62A32229BC03", "vulnerable": true}, {"criteria": "cpe:2.3:a:eaton:proview:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "FDCAC23C-22B9-4862-A967-453812EEAA3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:eaton:proview:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "91DEAC57-6765-4470-963E-E9EC364657AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:eaton:proview:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "955879A7-9F8F-47F2-B8F0-7D62AB69261D", "vulnerable": true}, {"criteria": "cpe:2.3:a:eaton:proview:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "ADF48CE1-EC38-4F11-82D1-514C993AF1FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:eaton:proview:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B9705072-55EE-46E6-B124-8C7A20D6DC03", "vulnerable": true}, {"criteria": "cpe:2.3:a:eaton:proview:5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "04909702-7055-4822-BAB8-139EBF4E409C", "vulnerable": true}, {"criteria": "cpe:2.3:a:eaton:proview:5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "7484B7D1-D109-4E5E-B26F-4FEB88E68EB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:eaton:proview:5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E64750AD-BAA4-4837-BA51-87019A585C91", "vulnerable": true}, {"criteria": "cpe:2.3:a:eaton:proview:5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "5BFA9727-CBCA-45BC-B4BA-0B5730C05450", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value."}, {"lang": "es", "value": "'ulnerabilidad en Eaton Cooper Power Systems ProView en las versiones 4.0 y 5.0 anterior a la 5.0 11 Form 6 controles e Idea e IdeaPLUS relay genera un n\u00famero TCP inicial de secuencia (ISN) de valores lineales, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos falsificar las sesiones TCP al predecir un valor ISN."}], "id": "CVE-2014-9196", "lastModified": "2025-09-05T21:15:33.743", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-07-20T01:59:01.113", "references": [{"source": "[email protected]", "url": "http://www.securityfocus.com/bid/75936"}, {"source": "[email protected]", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-006-01"}, {"source": "[email protected]", "url": "https://www.eaton.com/cybersecurity"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/75936"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-006-01"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-342"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-254"}], "source": "[email protected]", "type": "Secondary"}]}