PT-2015-4156 · Beckwith Electric · M-6200A Digital Voltage Regulator Control+3
Published
2015-06-05
·
Updated
2015-06-05
·
CVE-2014-9201
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Beckwith Electric M-6200 Digital Voltage Regulator Control versions before D-0198V04.07.00
Beckwith Electric M-6200A Digital Voltage Regulator Control versions before D-0228V02.01.07
Beckwith Electric M-2001D Digital Tapchanger Control versions before D-0214V01.10.04
Beckwith Electric M-6283A Three Phase Digital Capacitor Bank Control versions before D-0346V03.00.02
Beckwith Electric M-6280A Digital Capacitor Bank Control versions before D-0254V03.05.05
Beckwith Electric M-6280 Digital Capacitor Bank Control (affected versions not specified)
Description
The issue is related to the improper generation of TCP initial sequence number (ISN) values, making it easier for remote attackers to spoof TCP sessions by predicting an ISN value.
Recommendations
For M-6200 Digital Voltage Regulator Control versions before D-0198V04.07.00, update to firmware version D-0198V04.07.00 or later.
For M-6200A Digital Voltage Regulator Control versions before D-0228V02.01.07, update to firmware version D-0228V02.01.07 or later.
For M-2001D Digital Tapchanger Control versions before D-0214V01.10.04, update to firmware version D-0214V01.10.04 or later.
For M-6283A Three Phase Digital Capacitor Bank Control versions before D-0346V03.00.02, update to firmware version D-0346V03.00.02 or later.
For M-6280A Digital Capacitor Bank Control versions before D-0254V03.05.05, update to firmware version D-0254V03.05.05 or later.
For M-6280 Digital Capacitor Bank Control, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
M-2001D Digital Tapchanger Control
M-6200A Digital Voltage Regulator Control
M-6280A Digital Capacitor Bank Control
M-6283A Three Phase Digital Capacitor Bank Control