CVE-2014-9194

Arbiter Systems 1094B GPS Clock Insufficient Verification of Data Authenticity

Description

Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts.

Remediation

Workaround:

  • Arbiter Systems would like to stress that they have not heard of this vulnerability being exploited in an actual control system. They have created a new product line, the 1200 series, which is not vulnerable to this type of attack. Arbiter Systems plans to continue to sell the 1094B model clock, because it is difficult to spoof the GPS signal and not likely to happen. In the unlikely event that the 1094B has been compromised, it can be recovered by removing and replacing the internal receiver battery. Arbiter Systems plans to investigate the feasibility of changing this model to protect against this type of exploit. Please contact Arbiter Systems Technical Support for additional questions: Phone: 1-800-321-3831 or 1-805-237-3831 Email: http://www.arbiter.com/contact/index.php

Categories

5.4
CVSS
Severity: Medium
CVSS 2.0 •
EPSS 0.46%
Third-Party Advisory us-cert.gov
Affected: Arbiter Systems Model 1094B GPS Substation Clock
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-14-345-01
http://www.arbiter.com/contact/index.php
https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01 third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2014-9194?
CVE-2014-9194 has been scored as a medium severity vulnerability.
How to fix CVE-2014-9194?
As a workaround for remediating CVE-2014-9194: Arbiter Systems would like to stress that they have not heard of this vulnerability being exploited in an actual control system. They have created a new product line, the 1200 series, which is not vulnerable to this type of attack. Arbiter Systems plans to continue to sell the 1094B model clock, because it is difficult to spoof the GPS signal and not likely to happen. In the unlikely event that the 1094B has been compromised, it can be recovered by removing and replacing the internal receiver battery. Arbiter Systems plans to investigate the feasibility of changing this model to protect against this type of exploit. Please contact Arbiter Systems Technical Support for additional questions: Phone: 1-800-321-3831 or 1-805-237-3831 Email: http://www.arbiter.com/contact/index.php
Is CVE-2014-9194 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2014-9194 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2014-9194?
CVE-2014-9194 affects Arbiter Systems Model 1094B GPS Substation Clock.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.