cnvd - cnvd-2015-00442

cnvd-2015-00442

Vulnerability from cnvd

Title: Arbiter Systems GPS Clock存在漏洞

Description:

Arbiter 1094B GPS Substation Clock是高精度GPS时序和功耗测量解决方案。

Arbiter 1094B GPS Substation Clock存在安全漏洞，允许攻击者利用此漏洞通过特制的无线电传输伪造GPS卫星广播，造成服务中断。

Severity: 高

Patch Name: Arbiter Systems GPS Clock存在漏洞的补丁

Patch Description:

Arbiter 1094B GPS Substation Clock是高精度GPS时序和功耗测量解决方案。

Arbiter 1094B GPS Substation Clock存在安全漏洞，允许攻击者利用此漏洞通过特制的无线电传输伪造GPS卫星广播，造成服务中断。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已经发布升级补丁/版本以修复这个安全问题，请用户及时下载更新： http://www.arbiter.com/contact/index.php

Reference: http://www.securityfocus.com/bid/72098 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9194

Impacted products

Name
Arbiter GPS Substation Clock 1094B

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "72098"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-9194"
    }
  },
  "description": "Arbiter 1094B GPS Substation Clock\u662f\u9ad8\u7cbe\u5ea6GPS\u65f6\u5e8f\u548c\u529f\u8017\u6d4b\u91cf\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nArbiter 1094B GPS Substation Clock\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u901a\u8fc7\u7279\u5236\u7684\u65e0\u7ebf\u7535\u4f20\u8f93\u4f2a\u9020GPS\u536b\u661f\u5e7f\u64ad\uff0c\u9020\u6210\u670d\u52a1\u4e2d\u65ad\u3002",
  "discovererName": "Arbiter",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u5347\u7ea7\u8865\u4e01/\u7248\u672c\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u7528\u6237\u53ca\u65f6\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttp://www.arbiter.com/contact/index.php",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-00442",
  "openTime": "2015-01-21",
  "patchDescription": "Arbiter 1094B GPS Substation Clock\u662f\u9ad8\u7cbe\u5ea6GPS\u65f6\u5e8f\u548c\u529f\u8017\u6d4b\u91cf\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nArbiter 1094B GPS Substation Clock\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u901a\u8fc7\u7279\u5236\u7684\u65e0\u7ebf\u7535\u4f20\u8f93\u4f2a\u9020GPS\u536b\u661f\u5e7f\u64ad\uff0c\u9020\u6210\u670d\u52a1\u4e2d\u65ad\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Arbiter Systems GPS Clock\u5b58\u5728\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Arbiter GPS Substation Clock 1094B"
  },
  "referenceLink": "http://www.securityfocus.com/bid/72098\r\nhttp://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9194",
  "serverity": "\u9ad8",
  "submitTime": "2015-01-20",
  "title": "Arbiter Systems GPS Clock\u5b58\u5728\u6f0f\u6d1e"
}

CVE-2014-9194 (GCVE-0-2014-9194)

Vulnerability from cvelistv5

Published

2015-01-17 02:00

Modified

2025-07-29 16:56

Severity ?

CWE

CWE-345

Summary

Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts.

References

▼	URL	Tags
	https://www.cisa.gov/news-events/ics-advisories/icsa-14-345-01
	http://www.arbiter.com/contact/index.php

Impacted products

	Vendor	Product	Version
	Arbiter Systems	Model 1094B GPS Substation Clock	Version: all versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:40:23.230Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Model 1094B GPS Substation Clock",
          "vendor": "Arbiter Systems",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "datePublic": "2015-01-13T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eArbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts.\u003c/p\u003e"
            }
          ],
          "value": "Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.4,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-345",
              "description": "CWE-345",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-29T16:56:53.800Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-345-01"
        },
        {
          "url": "http://www.arbiter.com/contact/index.php"
        }
      ],
      "source": {
        "advisory": "ICSA-14-345-01",
        "discovery": "UNKNOWN"
      },
      "title": "Arbiter Systems 1094B GPS Clock Insufficient Verification of Data Authenticity",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eArbiter Systems would like to stress that they have not heard of this\n vulnerability being exploited in an actual control system. They have \ncreated a new product line, the 1200 series, which is not vulnerable to \nthis type of attack.\u003c/p\u003e\n\u003cp\u003eArbiter Systems plans to continue to sell the 1094B model clock, \nbecause it is difficult to spoof the GPS signal and not likely to \nhappen. In the unlikely event that the 1094B has been compromised, it \ncan be recovered by removing and replacing the internal receiver \nbattery. Arbiter Systems plans to investigate the feasibility of \nchanging this model to protect against this type of exploit.\u003c/p\u003e\n\u003cp\u003ePlease contact Arbiter Systems Technical Support for additional questions:\u003c/p\u003e\u003cp\u003ePhone: 1-800-321-3831 or 1-805-237-3831\u003cbr\u003eEmail: \u003ca target=\"_blank\" rel=\"nofollow\"\u003etechsupport@arbiter.com\u003c/a\u003e\u003c/p\u003e\u003cp\u003eWeb: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.arbiter.com/contact/index.php\"\u003ehttp://www.arbiter.com/contact/index.php\u003c/a\u003e\n\n\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Arbiter Systems would like to stress that they have not heard of this\n vulnerability being exploited in an actual control system. They have \ncreated a new product line, the 1200 series, which is not vulnerable to \nthis type of attack.\n\n\nArbiter Systems plans to continue to sell the 1094B model clock, \nbecause it is difficult to spoof the GPS signal and not likely to \nhappen. In the unlikely event that the 1094B has been compromised, it \ncan be recovered by removing and replacing the internal receiver \nbattery. Arbiter Systems plans to investigate the feasibility of \nchanging this model to protect against this type of exploit.\n\n\nPlease contact Arbiter Systems Technical Support for additional questions:\n\nPhone: 1-800-321-3831 or 1-805-237-3831\nEmail:  http://www.arbiter.com/contact/index.php"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-9194",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-9194",
    "datePublished": "2015-01-17T02:00:00",
    "dateReserved": "2014-12-02T00:00:00",
    "dateUpdated": "2025-07-29T16:56:53.800Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted