Arbiter Systems Power Sentinel Denial-of-Service Vulnerability
Low Risk | ICS-CERT ICSA-12-249-01 | Jun 9, 2012
Summary
Arbiter Systems Power Sentinel Model 1133A contains a denial-of-service vulnerability (CWE-410) that allows disruption of device operation. The vendor has not released a patch for affected firmware versions dated 9 June 2012 or earlier.
What this means
What could happen
An attacker could disrupt the Power Sentinel's operation, potentially causing loss of time synchronization or monitoring capability in power generation or distribution systems that rely on this device.
Who's at risk
Energy sector organizations operating Arbiter Systems Power Sentinel Model 1133A devices for time synchronization, power monitoring, or grid timing applications should prioritize securing these devices. This impacts power generation plants, substations, and control centers that depend on synchronized time sources.
How it could be exploited
An attacker would need to send a malicious input or packet to the Power Sentinel to trigger the denial-of-service condition, causing the device to become unresponsive or restart.
Prerequisites
- Network access to Power Sentinel Model 1133A
- Ability to send crafted network traffic or input to the device
no patch available | end-of-life product | affects critical timing infrastructure
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product | Affected Versions | Fix Status
Model 1133A Power Sentinel: <=firmware_09Jun2012 | ≤ firmware 09Jun2012 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Implement network access controls (firewall rules, ACLs) to limit connectivity to the Power Sentinel to known trusted sources
Mitigations - no patch available
Model 1133A Power Sentinel: <=firmware_09Jun2012 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate Power Sentinel devices from untrusted networks using network segmentation or firewalls to restrict access to authorized engineering and monitoring systems only
HARDENING: Contact Arbiter Systems to determine if a firmware update is available or if end-of-life replacement is recommended
CVEs (1)