Vulnerability Details : CVE-2014-5409
The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values.
Exploit prediction scoring system (EPSS) score for CVE-2014-5409
Probability of exploitation activity in the next 30 days: 0.38%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 69 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-5409
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2014-5409
-
https://ics-cert.us-cert.gov/advisories/ICSA-15-041-02
GE Hydran M2 Predictable TCP Initial Sequence Vulnerability | CISAThird Party Advisory;US Government Resource
-
http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=101
SSO login for SupportCentral
Products affected by CVE-2014-5409
- cpe:2.3:h:ge:hydran_m2:*:*:*:*:*:*:*:*