{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Model 1094B GPS Substation Clock", "vendor": "Arbiter Systems", "versions": [{"status": "affected", "version": "all versions"}]}], "datePublic": "2015-01-13T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts.</p>"}], "value": "Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts."}], "metrics": [{"cvssV2_0": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 5.4, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-345", "description": "CWE-345", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-07-29T16:56:53.800Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-345-01"}, {"url": "http://www.arbiter.com/contact/index.php"}], "source": {"advisory": "ICSA-14-345-01", "discovery": "UNKNOWN"}, "title": "Arbiter Systems 1094B GPS Clock Insufficient Verification of Data Authenticity", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Arbiter Systems would like to stress that they have not heard of this\n vulnerability being exploited in an actual control system. They have \ncreated a new product line, the 1200 series, which is not vulnerable to \nthis type of attack.</p>\n<p>Arbiter Systems plans to continue to sell the 1094B model clock, \nbecause it is difficult to spoof the GPS signal and not likely to \nhappen. In the unlikely event that the 1094B has been compromised, it \ncan be recovered by removing and replacing the internal receiver \nbattery. Arbiter Systems plans to investigate the feasibility of \nchanging this model to protect against this type of exploit.</p>\n<p>Please contact Arbiter Systems Technical Support for additional questions:</p><p>Phone: 1-800-321-3831 or 1-805-237-3831<br>Email: <a target=\"_blank\" rel=\"nofollow\">techsupport@arbiter.com</a></p><p>Web: <a target=\"_blank\" rel=\"nofollow\" href=\"http://www.arbiter.com/contact/index.php\">http://www.arbiter.com/contact/index.php</a>\n\n<br></p>"}], "value": "Arbiter Systems would like to stress that they have not heard of this\n vulnerability being exploited in an actual control system. They have \ncreated a new product line, the 1200 series, which is not vulnerable to \nthis type of attack.\n\n\nArbiter Systems plans to continue to sell the 1094B model clock, \nbecause it is difficult to spoof the GPS signal and not likely to \nhappen. In the unlikely event that the 1094B has been compromised, it \ncan be recovered by removing and replacing the internal receiver \nbattery. Arbiter Systems plans to investigate the feasibility of \nchanging this model to protect against this type of exploit.\n\n\nPlease contact Arbiter Systems Technical Support for additional questions:\n\nPhone: 1-800-321-3831 or 1-805-237-3831\nEmail: http://www.arbiter.com/contact/index.php"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-9194", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:40:23.230Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-9194", "datePublished": "2015-01-17T02:00:00", "dateReserved": "2014-12-02T00:00:00", "dateUpdated": "2025-07-29T16:56:53.800Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:arbiter:1094b_gps_substation_clock:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F1C7A10-19D8-4E68-9B56-B0E73550D8D3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts."}, {"lang": "es", "value": "Arbiter 1094B GPS Substation Clock permite a atacantes remotos causar una denegaci\u00f3n de servicio (interrupci\u00f3n) a trav\u00e9s de transmisiones de radio manipuladas que falsifican emisiones de sat\u00e9lites GPS."}], "id": "CVE-2014-9194", "lastModified": "2025-07-29T17:15:31.390", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 5.4, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-01-17T02:59:04.710", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "http://www.arbiter.com/contact/index.php"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-345-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-19"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}

{}