(NTP) vulnerabilities

Eaton response to NTP vulnerabilities
Electrical Sector and its Product Cybersecurity team continue
to evaluate the potential exposure of its products to the
Network Time Protocol (NTP) vulnerabilities
The Network Time Protocol
(NTP) provides networked
systems and devices with a way
to synchronize time for various
services and applications. There
are several vulnerabilities that
have been reported against NTP
version 4.2.7 and below.
•
The buffer overflow
vulnerabilities may allow
a remote unauthenticated
attacker to execute arbitrary
code with the privilege level
of the running service
•
The weak default key and
non-cryptographic random
number generator may allow
an attacker to gain information
regarding the integrity
checking, authentication
encryption schemes or access
to private mode and control
mode queries that require
authentication, if not restricted
by the configuration
Eaton has reviewed the included
list of Linux products and
confirmed that they currently are
not affected by this vulnerability.
Product line name
Product name
UCA Com-platform
Open Source Software
Zero 88
Zero 88
Zero 88
Zero 88
Zero 88
ALC
ALC
ALC
ALC
ALC
iLight / iLumin
iLight / iLumin
iLight / iLumin
iLight / iLumin
iLight / iLumin
iLight / iLumin
iLight / iLumin
Greengate
Greengate
Greengate
Fifth Light
Fifth Light
Fifth Light
Fifth Light
Fifth Light
Fifth Light
Fifth Light
Wireless
Wireless
Outdoor RF
Outdoor RF
Outdoor RF
Smart Grids
Protective relays
Protective relays
Protective relays
Protective relays
Protective relays
Protective relays
Protective relays
Protective relays
Protective relays
Protective relays
ACB trip units
Predictive diagnostics
C441R, C441T, C441U, C441V
NUT
Theatrical desks
Fixed racks
Portable racks
Mobile applications
ZerOS software
Area controllers
Lighting control modules
Wallstations
Sensors
Interface modules
Source controllers
Wallstations
Touchscreens
Interface modules
Sensors
Time clock
Mobile applications
Stand-alone panels
Interface modules
Wallstations
Lighting control panels
Relay panels
DALI control devices
DALI wallstations
DALI sensors
Lighting management software
Mobile applications
245U-E, 450U-E, 945U-E
915U
Gateway/manager
Gateway
RF multi-sensor
RTU
EDR-3000
EDR-4000
EDR-5000
EMR-3000
EMR-4000
EMR-5000
ETR-4000
ETR-5000
EGR-4000
EGR-5000
ECAM
InsulGard communications board
Continued on next page.
Product line name
Product name
Product line name
Product name
UPS–Single-Phase–Region
UPS–Single-Phase–Region
UPS–Single-Phase–Region
UPS–Single-Phase–Region
UPS–Single-Phase–Region
UPS–Single-Phase–Region
UPS–Single-Phase–Region
UPS–Single-Phase–Region
UPS–Single-Phase–Region
UPS–Single-Phase–Region
UPS–Single-Phase–Region
UPS–Single-Phase–Region
UPS–Single-Phase–Region
UPS–Single-Phase–Region
UPS–Single-Phase–Region
UPS–Single-Phase–Region
UPS–Single-Phase–Region
UPS–Single-Phase–Region
UPS–Single-Phase–Region
UPS–Single-Phase–Region
UPS–Single-Phase–Region
UPS–Single-Phase–Region
UPS–Single-Phase–Region
UPS–Single-Phase–Region
UPS–Three-Phase–Region
UPS–Three-Phase–Region
UPS–Three-Phase–Region
UPS–Three-Phase–Region
UPS–Three-Phase–Region
UPS–Three-Phase–Region
UPS–Three-Phase–Region
UPS–Three-Phase–Region
UPS-Comms
UPS-Comms
UPS-Comms
EMC2
EMC4J
UPS-Comms card
UPS-Comms card
UPS-Comms card
UPS-Comms card
UPS-Comms card
UPS-Comms card
UPS-Software–NUT
UPS-Software–PM VA (IBM)
UPS-Software–UPM VA (HP)
UPS-Software
Castle 1~3 K
EATON DX 1~3 K
Castle 6~20 K
Claire
Claire Vista
Spring
Vigor
Matrix
Titan 6~20 K
Titan Vista 6~20 K
Titan 1~3 K
Titan Vista 1~3 K
Elite 6~10 K
Elite 1~3 K
Conquer
RT Online
Innova Tower LV 1~3 K
Innova Tower 1~3 K
Innova Tower 6~10 K
Innova RT 1~3 K
Innova RT 6~10 K
Innova Combo 10~20 K
Enigma
ATS-16
Cobra 15K
EATON DX 10~20 K
Castle 20~80 K
EATON 9E 20~80 K
Array MP
Array 3A3
PPM (precision power module)
Gripower
CMC (Modbus)
Relay card
Webpower
IPM Windows
IPM Windows
NMC
G3 ePDU/HP MA PDU
NMC HP
NMC IBM
NMC DELL
HP Monitored PDU (Glandore)
IPP
IPM Windows
UPM Windows
HPPP
Solar Inverter
Solar Inverter
Solar Inverter
Solar Inverter
Solar Inverter
Solar Inverter
Solar-Comms
Solar-Comms
Controller
Controller
ETI
ETI
ETI
ETI
MVC
MVC
Network protectors
Pow-R-Command
Pow-R-Command 2000
Substation automation
Substation automation
AMI (RF)
AMI (RF)
Controls and relays
Controls and relays
Controls and relays
Controls and relays
Controls and relays
Controls and relays
MVA/MVS
AMI (PLC)
Cap bank controller
Cap bank controller
Smart Sensor
Smart Sensor
AT-S+
ZB-S
ZB-S
ZB-S
ZB-S / AT-S + slave luminaires
ZB-S / AT-S + slave luminaires
ZB-S / AT-S + slave luminaires
ZB-S / AT-S + slave luminaires
ZB-S / AT-S + slave luminaires
CGLine + luminaires
WAVES
SS motor control
1.5 G single-phase 1.5 kW ~ 6 kW
Three-phase 10 kW
Three-phase 25 kW, 35 kW
ULS1 Series (single-phase 4~7 kW for U.S. market)
2G1P (single-phase 1.5 kW ~ 6 kW)
2G3P (three-phase 10, 15, 20 kW)
Ethernet card
2G3P Data Logger 2
SC100
SC200
EVSE AC
EVSE AC Next Gen Comms
EVSE AC Next Gen SEC
Quick DC Next Gen
XP3
XP3
VaultGard
PRC5000 controller
PRC750E, 1000E, 1500E, 2000E controller
SMP I/O Rackmount base unit
SMP I/O 2U
Eka-Gateway
RFN-Gateway 1.5
CL-7 Voltage Regulator Control
Form 4D Recloser Control
SPEAR Recloser Control
FXD NOVAc Control
FXD NOVAi Control
Form 7 Recloser Control
Nature Smart Switchgear
CCU721
CBC7000
CBC8000
Theft Advisor
Outage Advisor Series II (aka GA2)
Webmodul
Webmodul with Modbus
Webmodul
Charger technology
CU-CG-S / CU-S+ Control Unit
Switch-over units SKU xxx CG-S
Switch-over units SU S+ and SOU xx
DLS/3PH-BUS-Modul
TLS-BUS-Modul
CG-Controller CGLine
IPC
DG1 (Galaxy)
If you are aware of other issues affecting Eaton products or know
of products that do not appear on this list, contact the ES Product
Cybersecurity at [email protected].
Eaton
1000 Eaton Boulevard
Cleveland, OH 44122
United States
Eaton.com
© 2015 Eaton
All Rights Reserved
Printed in USA
Publication No. SA152006EN / Z16152
January 2015
Eaton is a registered trademark.
All other trademarks are property
of their respective owners.