Eaton response to NTP vulnerabilities Electrical Sector and its Product Cybersecurity team continue to evaluate the potential exposure of its products to the Network Time Protocol (NTP) vulnerabilities The Network Time Protocol (NTP) provides networked systems and devices with a way to synchronize time for various services and applications. There are several vulnerabilities that have been reported against NTP version 4.2.7 and below. • The buffer overflow vulnerabilities may allow a remote unauthenticated attacker to execute arbitrary code with the privilege level of the running service • The weak default key and non-cryptographic random number generator may allow an attacker to gain information regarding the integrity checking, authentication encryption schemes or access to private mode and control mode queries that require authentication, if not restricted by the configuration Eaton has reviewed the included list of Linux products and confirmed that they currently are not affected by this vulnerability. Product line name Product name UCA Com-platform Open Source Software Zero 88 Zero 88 Zero 88 Zero 88 Zero 88 ALC ALC ALC ALC ALC iLight / iLumin iLight / iLumin iLight / iLumin iLight / iLumin iLight / iLumin iLight / iLumin iLight / iLumin Greengate Greengate Greengate Fifth Light Fifth Light Fifth Light Fifth Light Fifth Light Fifth Light Fifth Light Wireless Wireless Outdoor RF Outdoor RF Outdoor RF Smart Grids Protective relays Protective relays Protective relays Protective relays Protective relays Protective relays Protective relays Protective relays Protective relays Protective relays ACB trip units Predictive diagnostics C441R, C441T, C441U, C441V NUT Theatrical desks Fixed racks Portable racks Mobile applications ZerOS software Area controllers Lighting control modules Wallstations Sensors Interface modules Source controllers Wallstations Touchscreens Interface modules Sensors Time clock Mobile applications Stand-alone panels Interface modules Wallstations Lighting control panels Relay panels DALI control devices DALI wallstations DALI sensors Lighting management software Mobile applications 245U-E, 450U-E, 945U-E 915U Gateway/manager Gateway RF multi-sensor RTU EDR-3000 EDR-4000 EDR-5000 EMR-3000 EMR-4000 EMR-5000 ETR-4000 ETR-5000 EGR-4000 EGR-5000 ECAM InsulGard communications board Continued on next page. Product line name Product name Product line name Product name UPS–Single-Phase–Region UPS–Single-Phase–Region UPS–Single-Phase–Region UPS–Single-Phase–Region UPS–Single-Phase–Region UPS–Single-Phase–Region UPS–Single-Phase–Region UPS–Single-Phase–Region UPS–Single-Phase–Region UPS–Single-Phase–Region UPS–Single-Phase–Region UPS–Single-Phase–Region UPS–Single-Phase–Region UPS–Single-Phase–Region UPS–Single-Phase–Region UPS–Single-Phase–Region UPS–Single-Phase–Region UPS–Single-Phase–Region UPS–Single-Phase–Region UPS–Single-Phase–Region UPS–Single-Phase–Region UPS–Single-Phase–Region UPS–Single-Phase–Region UPS–Single-Phase–Region UPS–Three-Phase–Region UPS–Three-Phase–Region UPS–Three-Phase–Region UPS–Three-Phase–Region UPS–Three-Phase–Region UPS–Three-Phase–Region UPS–Three-Phase–Region UPS–Three-Phase–Region UPS-Comms UPS-Comms UPS-Comms EMC2 EMC4J UPS-Comms card UPS-Comms card UPS-Comms card UPS-Comms card UPS-Comms card UPS-Comms card UPS-Software–NUT UPS-Software–PM VA (IBM) UPS-Software–UPM VA (HP) UPS-Software Castle 1~3 K EATON DX 1~3 K Castle 6~20 K Claire Claire Vista Spring Vigor Matrix Titan 6~20 K Titan Vista 6~20 K Titan 1~3 K Titan Vista 1~3 K Elite 6~10 K Elite 1~3 K Conquer RT Online Innova Tower LV 1~3 K Innova Tower 1~3 K Innova Tower 6~10 K Innova RT 1~3 K Innova RT 6~10 K Innova Combo 10~20 K Enigma ATS-16 Cobra 15K EATON DX 10~20 K Castle 20~80 K EATON 9E 20~80 K Array MP Array 3A3 PPM (precision power module) Gripower CMC (Modbus) Relay card Webpower IPM Windows IPM Windows NMC G3 ePDU/HP MA PDU NMC HP NMC IBM NMC DELL HP Monitored PDU (Glandore) IPP IPM Windows UPM Windows HPPP Solar Inverter Solar Inverter Solar Inverter Solar Inverter Solar Inverter Solar Inverter Solar-Comms Solar-Comms Controller Controller ETI ETI ETI ETI MVC MVC Network protectors Pow-R-Command Pow-R-Command 2000 Substation automation Substation automation AMI (RF) AMI (RF) Controls and relays Controls and relays Controls and relays Controls and relays Controls and relays Controls and relays MVA/MVS AMI (PLC) Cap bank controller Cap bank controller Smart Sensor Smart Sensor AT-S+ ZB-S ZB-S ZB-S ZB-S / AT-S + slave luminaires ZB-S / AT-S + slave luminaires ZB-S / AT-S + slave luminaires ZB-S / AT-S + slave luminaires ZB-S / AT-S + slave luminaires CGLine + luminaires WAVES SS motor control 1.5 G single-phase 1.5 kW ~ 6 kW Three-phase 10 kW Three-phase 25 kW, 35 kW ULS1 Series (single-phase 4~7 kW for U.S. market) 2G1P (single-phase 1.5 kW ~ 6 kW) 2G3P (three-phase 10, 15, 20 kW) Ethernet card 2G3P Data Logger 2 SC100 SC200 EVSE AC EVSE AC Next Gen Comms EVSE AC Next Gen SEC Quick DC Next Gen XP3 XP3 VaultGard PRC5000 controller PRC750E, 1000E, 1500E, 2000E controller SMP I/O Rackmount base unit SMP I/O 2U Eka-Gateway RFN-Gateway 1.5 CL-7 Voltage Regulator Control Form 4D Recloser Control SPEAR Recloser Control FXD NOVAc Control FXD NOVAi Control Form 7 Recloser Control Nature Smart Switchgear CCU721 CBC7000 CBC8000 Theft Advisor Outage Advisor Series II (aka GA2) Webmodul Webmodul with Modbus Webmodul Charger technology CU-CG-S / CU-S+ Control Unit Switch-over units SKU xxx CG-S Switch-over units SU S+ and SOU xx DLS/3PH-BUS-Modul TLS-BUS-Modul CG-Controller CGLine IPC DG1 (Galaxy) If you are aware of other issues affecting Eaton products or know of products that do not appear on this list, contact the ES Product Cybersecurity at [email protected]. Eaton 1000 Eaton Boulevard Cleveland, OH 44122 United States Eaton.com © 2015 Eaton All Rights Reserved Printed in USA Publication No. SA152006EN / Z16152 January 2015 Eaton is a registered trademark. All other trademarks are property of their respective owners.
© Copyright 2024