CVE-2014-5409 : The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Ene

The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values.

Published 2015-03-14 01:59:00

Updated 2025-04-12 10:46:41

Source ICS-CERT

View at NVD, CVE.org

Products affected by CVE-2014-5409

GE » Hydran M2
cpe:2.3:h:ge:hydran_m2:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-5409

EPSS FAQ

0.58%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 68 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-5409

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2014-5409

https://ics-cert.us-cert.gov/advisories/ICSA-15-041-02

GE Hydran M2 Predictable TCP Initial Sequence Vulnerability | CISA
Third Party Advisory;US Government Resource
http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=101

SSO login for SupportCentral

Jump to

Vulnerability Details : CVE-2014-5409

Products affected by CVE-2014-5409

Exploit prediction scoring system (EPSS) score for CVE-2014-5409

CVSS scores for CVE-2014-5409

References for CVE-2014-5409