CVE-2014-9194 - Vulnerability Details - OpenCVE

Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Arbiter	1094b Gps Substation Clock

Configuration 1 [-]

cpe:2.3:h:arbiter:1094b_gps_substation_clock:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.arbiter.com/contact/index.php
https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01
https://www.cisa.gov/news-events/ics-advisories/icsa-14-345-01

History

Tue, 29 Jul 2025 17:15:00 +0000

Type	Values Removed	Values Added
Title		Arbiter Systems 1094B GPS Clock Insufficient Verification of Data Authenticity
Weaknesses		CWE-345
References		http://www.arbiter.com/contact/index.php https://www.cisa.gov/news-events/ics-advisories/icsa-14-345-01
Metrics	cvssV2_0 `{'score': 7.8, 'vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:C'}`	cvssV2_0 `{'score': 5.4, 'vector': 'AV:N/AC:H/Au:N/C:N/I:N/A:C'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2015-01-17T02:00:00

Updated: 2025-07-29T16:56:53.800Z

Reserved: 2014-12-02T00:00:00

Link: CVE-2014-9194

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-01-17T02:59:04.710

Modified: 2025-07-29T17:15:31.390

Link: CVE-2014-9194

Redhat

No data.

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Model 1094B GPS Substation Clock", "vendor": "Arbiter Systems", "versions": [{"status": "affected", "version": "all versions"}]}], "datePublic": "2015-01-13T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts.</p>"}], "value": "Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts."}], "metrics": [{"cvssV2_0": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 5.4, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-345", "description": "CWE-345", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-07-29T16:56:53.800Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-345-01"}, {"url": "http://www.arbiter.com/contact/index.php"}], "source": {"advisory": "ICSA-14-345-01", "discovery": "UNKNOWN"}, "title": "Arbiter Systems 1094B GPS Clock Insufficient Verification of Data Authenticity", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Arbiter Systems would like to stress that they have not heard of this\n vulnerability being exploited in an actual control system. They have \ncreated a new product line, the 1200 series, which is not vulnerable to \nthis type of attack.</p>\n<p>Arbiter Systems plans to continue to sell the 1094B model clock, \nbecause it is difficult to spoof the GPS signal and not likely to \nhappen. In the unlikely event that the 1094B has been compromised, it \ncan be recovered by removing and replacing the internal receiver \nbattery. Arbiter Systems plans to investigate the feasibility of \nchanging this model to protect against this type of exploit.</p>\n<p>Please contact Arbiter Systems Technical Support for additional questions:</p><p>Phone: 1-800-321-3831 or 1-805-237-3831<br>Email: <a target=\"_blank\" rel=\"nofollow\">techsupport@arbiter.com</a></p><p>Web: <a target=\"_blank\" rel=\"nofollow\" href=\"http://www.arbiter.com/contact/index.php\">http://www.arbiter.com/contact/index.php</a>\n\n<br></p>"}], "value": "Arbiter Systems would like to stress that they have not heard of this\n vulnerability being exploited in an actual control system. They have \ncreated a new product line, the 1200 series, which is not vulnerable to \nthis type of attack.\n\n\nArbiter Systems plans to continue to sell the 1094B model clock, \nbecause it is difficult to spoof the GPS signal and not likely to \nhappen. In the unlikely event that the 1094B has been compromised, it \ncan be recovered by removing and replacing the internal receiver \nbattery. Arbiter Systems plans to investigate the feasibility of \nchanging this model to protect against this type of exploit.\n\n\nPlease contact Arbiter Systems Technical Support for additional questions:\n\nPhone: 1-800-321-3831 or 1-805-237-3831\nEmail: http://www.arbiter.com/contact/index.php"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-9194", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:40:23.230Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-9194", "datePublished": "2015-01-17T02:00:00", "dateReserved": "2014-12-02T00:00:00", "dateUpdated": "2025-07-29T16:56:53.800Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:arbiter:1094b_gps_substation_clock:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F1C7A10-19D8-4E68-9B56-B0E73550D8D3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts."}, {"lang": "es", "value": "Arbiter 1094B GPS Substation Clock permite a atacantes remotos causar una denegaci\u00f3n de servicio (interrupci\u00f3n) a trav\u00e9s de transmisiones de radio manipuladas que falsifican emisiones de sat\u00e9lites GPS."}], "id": "CVE-2014-9194", "lastModified": "2025-07-29T17:15:31.390", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 5.4, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-01-17T02:59:04.710", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "http://www.arbiter.com/contact/index.php"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-345-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-19"}], "source": "nvd@nist.gov", "type": "Secondary"}]}