github - ghsa-p245-xq49-84qm

ghsa-p245-xq49-84qm

Vulnerability from github

Published

2022-05-17 04:14

Modified

2025-07-29 18:30

Details

Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-9194"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-345"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-01-17T02:59:00Z",
    "severity": "HIGH"
  },
  "details": "Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts.",
  "id": "GHSA-p245-xq49-84qm",
  "modified": "2025-07-29T18:30:26Z",
  "published": "2022-05-17T04:14:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9194"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-345-01"
    },
    {
      "type": "WEB",
      "url": "http://www.arbiter.com/contact/index.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2014-9194 (GCVE-0-2014-9194)

Vulnerability from cvelistv5

Published

2015-01-17 02:00

Modified

2025-07-29 16:56

Severity ?

CWE

CWE-345

Summary

Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts.

References

URL

Tags

	https://www.cisa.gov/news-events/ics-advisories/icsa-14-345-01
	http://www.arbiter.com/contact/index.php

Impacted products

	Vendor	Product	Version
	Arbiter Systems	Model 1094B GPS Substation Clock	Version: all versions

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:40:23.230Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Model 1094B GPS Substation Clock",
          "vendor": "Arbiter Systems",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "datePublic": "2015-01-13T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eArbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts.\u003c/p\u003e"
            }
          ],
          "value": "Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.4,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-345",
              "description": "CWE-345",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-29T16:56:53.800Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-345-01"
        },
        {
          "url": "http://www.arbiter.com/contact/index.php"
        }
      ],
      "source": {
        "advisory": "ICSA-14-345-01",
        "discovery": "UNKNOWN"
      },
      "title": "Arbiter Systems 1094B GPS Clock Insufficient Verification of Data Authenticity",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eArbiter Systems would like to stress that they have not heard of this\n vulnerability being exploited in an actual control system. They have \ncreated a new product line, the 1200 series, which is not vulnerable to \nthis type of attack.\u003c/p\u003e\n\u003cp\u003eArbiter Systems plans to continue to sell the 1094B model clock, \nbecause it is difficult to spoof the GPS signal and not likely to \nhappen. In the unlikely event that the 1094B has been compromised, it \ncan be recovered by removing and replacing the internal receiver \nbattery. Arbiter Systems plans to investigate the feasibility of \nchanging this model to protect against this type of exploit.\u003c/p\u003e\n\u003cp\u003ePlease contact Arbiter Systems Technical Support for additional questions:\u003c/p\u003e\u003cp\u003ePhone: 1-800-321-3831 or 1-805-237-3831\u003cbr\u003eEmail: \u003ca target=\"_blank\" rel=\"nofollow\"\u003etechsupport@arbiter.com\u003c/a\u003e\u003c/p\u003e\u003cp\u003eWeb: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.arbiter.com/contact/index.php\"\u003ehttp://www.arbiter.com/contact/index.php\u003c/a\u003e\n\n\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Arbiter Systems would like to stress that they have not heard of this\n vulnerability being exploited in an actual control system. They have \ncreated a new product line, the 1200 series, which is not vulnerable to \nthis type of attack.\n\n\nArbiter Systems plans to continue to sell the 1094B model clock, \nbecause it is difficult to spoof the GPS signal and not likely to \nhappen. In the unlikely event that the 1094B has been compromised, it \ncan be recovered by removing and replacing the internal receiver \nbattery. Arbiter Systems plans to investigate the feasibility of \nchanging this model to protect against this type of exploit.\n\n\nPlease contact Arbiter Systems Technical Support for additional questions:\n\nPhone: 1-800-321-3831 or 1-805-237-3831\nEmail:  http://www.arbiter.com/contact/index.php"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-9194",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-9194",
    "datePublished": "2015-01-17T02:00:00",
    "dateReserved": "2014-12-02T00:00:00",
    "dateUpdated": "2025-07-29T16:56:53.800Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.