OTPulse
FeedAboutContact

Eaton's Cooper Devices Improper Ethernet Frame Padding Vulnerability

Monitor5.3ICS-CERT ICSA-15-295-01Jul 25, 2015
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Eaton's Cooper Power Series Form 6 control and Idea/IdeaPLUS relays with Ethernet functionality and Pro View firmware versions 4.0 through 5.0 contain an improper Ethernet frame padding vulnerability. Sensitive data that should be protected in frame padding fields may be recoverable by network-based attackers, leading to information disclosure. The vulnerability does not enable changes to relay operation or denial of service, but could expose configuration or operational details.

What this means
What could happen
An attacker with network access could extract sensitive information from Ethernet frames transmitted by Cooper Power Series relays due to improper padding, potentially exposing configuration or operational data. This is a low-impact information disclosure that does not affect relay operations directly.
Who's at risk
Electric utilities and power generation facilities operating Eaton's Cooper Power Series Form 6 relays with Ethernet connectivity should be aware of this vulnerability. This affects relay control and monitoring systems used in substations, generation facilities, and distribution automation applications.
How it could be exploited
An attacker on the network segment containing the relay could capture and analyze Ethernet frames sent by the device. Due to improper frame padding, sensitive data that should be obscured may be recoverable from the padding fields, allowing extraction of information about the relay's configuration or operation.
Prerequisites
  • Network access to the relay on the Ethernet port
  • Ability to capture network traffic on the same segment (no authentication required)
  • Pro View firmware version 4.0 through 5.0 installed on the relay
Remotely exploitableNo authentication requiredLow complexityInformation disclosure onlyNo patch available for affected firmware versions
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
ProductAffected VersionsFix Status
Eaton’s Cooper Power Series Form 6 control and Idea/IdeaPLUS relays with Ethernet using Pro View firmware: >=4.0|<=5.0≥ 4.0|≤ 5.0No fix yet
Remediation & Mitigation
0/3
Do now
0/1
WORKAROUNDRestrict Ethernet access to the relays to only authorized engineering and monitoring stations using firewall rules and MAC filtering where available
Long-term hardening
0/2
HARDENINGImplement network segmentation to isolate Cooper Power Series relays on a dedicated, access-controlled VLAN separate from general IT networks
HARDENINGDeploy network monitoring and packet inspection controls to detect and log unauthorized traffic capture attempts on relay Ethernet ports
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/771c23af-d679-402f-ac5c-f4a650b29be7