CVE-2014-9201

Name of the Vulnerable Software and Affected Versions Beckwith Electric M-6200 Digital Voltage Regulator Control versions before D-0198V04.07.00 Beckwith Electric M-6200A Digital Voltage Regulator Control versions before D-0228V02.01.07 Beckwith Electric M-2001D Digital Tapchanger Control versions before D-0214V01.10.04 Beckwith Electric M-6283A Three Phase Digital Capacitor Bank Control versions before D-0346V03.00.02 Beckwith Electric M-6280A Digital Capacitor Bank Control versions before D-0254V03.05.05 Beckwith Electric M-6280 Digital Capacitor Bank Control (affected versions not specified)

Description The issue is related to the improper generation of TCP initial sequence number (ISN) values, making it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

Recommendations For M-6200 Digital Voltage Regulator Control versions before D-0198V04.07.00, update to firmware version D-0198V04.07.00 or later. For M-6200A Digital Voltage Regulator Control versions before D-0228V02.01.07, update to firmware version D-0228V02.01.07 or later. For M-2001D Digital Tapchanger Control versions before D-0214V01.10.04, update to firmware version D-0214V01.10.04 or later. For M-6283A Three Phase Digital Capacitor Bank Control versions before D-0346V03.00.02, update to firmware version D-0346V03.00.02 or later. For M-6280A Digital Capacitor Bank Control versions before D-0254V03.05.05, update to firmware version D-0254V03.05.05 or later. For M-6280 Digital Capacitor Bank Control, at the moment, there is no information about a newer version that contains a fix for this vulnerability.