CVE-2014-5409 : The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate

The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values.

Published 2015-03-14 01:59:00

Updated 2015-03-16 16:26:29

Source ICS-CERT

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2014-5409

Probability of exploitation activity in the next 30 days: 0.38%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 69 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-5409

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2014-5409

https://ics-cert.us-cert.gov/advisories/ICSA-15-041-02

GE Hydran M2 Predictable TCP Initial Sequence Vulnerability | CISA
Third Party Advisory;US Government Resource
http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=101

SSO login for SupportCentral

Products affected by CVE-2014-5409

GE » Hydran M2
cpe:2.3:h:ge:hydran_m2:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-5409

Exploit prediction scoring system (EPSS) score for CVE-2014-5409

CVSS scores for CVE-2014-5409

References for CVE-2014-5409

Products affected by CVE-2014-5409