CVE-2014-5418 — MEDIUM (5.0)

Q: How severe is CVE-2014-5418?

CVE-2014-5418 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-5418?

Check the references section above for vendor advisories and patch information. Affected products include: Ge Multilink Ml810 Firmware, Ge Multilink Ml810, Ge Multilink Ml1600 Firmware, Ge Multilink Ml1600, Ge Multilink Ml1200 Firmware.

Vulnerability Description

GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service (resource consumption or reboot) via crafted packets.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Ge	Multilink Ml810 Firmware	<= 5.2.0
Ge	Multilink Ml810	-
Ge	Multilink Ml1600 Firmware	<= 4.2.1
Ge	Multilink Ml1600	-
Ge	Multilink Ml1200 Firmware	<= 4.2.1
Ge	Multilink Ml1200	-
Ge	Multilink Ml3000 Firmware	<= 5.2.0
Ge	Multilink Ml3000	All versions
Ge	Multilink Ml2400 Firmware	<= 4.2.1
Ge	Multilink Ml2400	-
Ge	Multilink Ml3100 Firmware	<= 5.2.0
Ge	Multilink Ml3100	All versions
Ge	Multilink Ml800 Firmware	<= 4.2.1
Ge	Multilink Ml800	-

Related Weaknesses (CWE)

CWE-400 CWE-399

References

http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdfVendor Advisory
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-01
https://www.cisa.gov/news-events/ics-advisories/icsa-15-013-04a
http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdfVendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-15-013-04Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2014-5418?

CVE-2014-5418 is a vulnerability with a CVSS score of 5.0 (MEDIUM). GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause...

How severe is CVE-2014-5418?

CVE-2014-5418 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-5418?

Check the references section above for vendor advisories and patch information. Affected products include: Ge Multilink Ml810 Firmware, Ge Multilink Ml810, Ge Multilink Ml1600 Firmware, Ge Multilink Ml1600, Ge Multilink Ml1200 Firmware.