OTPulse

CG Automation Improper Input Validation

Low Risk | ICS-CERT ICSA-14-238-01 | May 29, 2014
Summary

The CG Automation ePAQ-9410 Substation Gateway contains an improper input validation vulnerability (CWE-20). The device does not adequately validate incoming data, which could allow an attacker with network access to send malformed input that bypasses security controls or causes the gateway to malfunction. All versions of the ePAQ-9410 are affected, and the vendor has not released a patch.

What this means
What could happen
An attacker could send malformed input to the ePAQ-9410 gateway, potentially bypassing security controls or causing the device to malfunction, which could disrupt communication between the substation and control center.
Who's at risk
Energy utilities, particularly substation operators and control center personnel, who depend on ePAQ-9410 Substation Gateway devices for SCADA communication and automation. This affects critical substation-to-control-center data exchange.
How it could be exploited
An attacker with network access to the ePAQ-9410 gateway sends specially crafted input that is not properly validated by the device. The gateway processes the malformed data without adequate checks, allowing the attacker to bypass intended security logic or trigger unexpected behavior in the substation automation system.
Prerequisites
  • Network access to the ePAQ-9410 gateway
  • Ability to send data to the device's input interface
  • No patch available
  • Affects substation automation systems
  • Improper input validation can enable multiple attack types
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product | Affected Versions | Fix Status
ePAQ-9410 Substation Gateway: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Evaluate whether the ePAQ-9410 can be replaced with a newer substation gateway model that has vendor support and regular security updates.
Mitigations - no patch available
ePAQ-9410 Substation Gateway: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation to restrict access to the ePAQ-9410 gateway, allowing communication only from authorized substations, control centers, and engineering workstations.
HARDENING: Deploy firewall rules to limit inbound connections to the ePAQ-9410 to necessary ports and protocols only.
HARDENING: Monitor all communications to and from the ePAQ-9410 for signs of malformed input or unusual traffic patterns.