Vulnerability Description
The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ge | Hydran M2 | All versions |
Related Weaknesses (CWE)
References
- http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=1
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-04
- https://www.cisa.gov/news-events/ics-advisories/icsa-15-041-02
- http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=1
- https://ics-cert.us-cert.gov/advisories/ICSA-15-041-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2014-5409?
CVE-2014-5409 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier fo...
How severe is CVE-2014-5409?
CVE-2014-5409 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-5409?
Check the references section above for vendor advisories and patch information. Affected products include: Ge Hydran M2.