OTPulse
FeedAboutContact

Eaton Cooper Power Series Form 6 Control and Idea/IdeaPlus Relays with Ethernet Vulnerability

Low RiskICS-CERT ICSA-15-006-01Oct 9, 2015
Summary

Eaton's Cooper Power Series Form 6 control and Idea/IdeaPLUS relays with Ethernet interfaces using Pro View 4.0 through 5.0 software fail to encrypt sensitive configuration and operational data transmitted over the network. An attacker with network access can read relay settings, control setpoints, alarm thresholds, and other operational parameters without authentication. CWE-342 (Predictable from External Input).

What this means
What could happen
An attacker with network access could read sensitive configuration and operational data from the relay, potentially revealing control setpoints, alarm thresholds, and other critical relay settings that could enable follow-on attacks on power distribution operations.
Who's at risk
Energy sector operators managing power distribution systems using Eaton Cooper Form 6 control relays and Idea/IdeaPLUS relays with Ethernet connectivity and Pro View software should evaluate their network exposure. This affects utilities and industrial facilities that rely on these protection relays for power distribution monitoring and control.
How it could be exploited
An attacker on the network sends unencrypted Ethernet requests to the relay's Pro View interface (port typically 502 or similar) without authentication. The relay responds with sensitive configuration and operational parameters that are transmitted in cleartext, allowing the attacker to intercept and read them.
Prerequisites
  • Network access to the relay's Ethernet port
  • No authentication required to read configuration data
remotely exploitableno authentication requiredno patch availableaffects safety systems
Exploitability
Moderate exploit probability (EPSS 2.7%)
Affected products (1)
ProductAffected VersionsFix Status
Eaton’s Cooper Power Series Form 6 control and Idea/IdeaPLUS relays with Ethernet with Pro View 4.0 through Pro View 5.0 software: vers:all/*All versionsNo fix yet
Remediation & Mitigation
0/3
Do now
0/1
HARDENINGRestrict network access to Form 6 and Idea/IdeaPLUS relays via firewall rules; only allow trusted engineering workstations and SCADA systems to communicate with the relay on the Pro View port
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor network traffic to relays for unauthorized Pro View interface access attempts
Long-term hardening
0/1
HARDENINGImplement network segmentation to isolate relay management traffic from general production networks
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/15a66359-0673-4fb9-95c5-e80d07ab4de7