CVE-2014-9196 — HIGH (7.6) — White Hats Nepal

Vulnerability Description

Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

CVSS Score

7.6

HIGH

AV:N/AC:H/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Eaton	Proview	4.0

Related Weaknesses (CWE)

CWE-342 CWE-254

References

http://www.securityfocus.com/bid/75936
https://www.cisa.gov/news-events/ics-advisories/icsa-15-006-01
https://www.eaton.com/cybersecurity
http://www.securityfocus.com/bid/75936
https://ics-cert.us-cert.gov/advisories/ICSA-15-006-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2014-9196?

CVE-2014-9196 is a vulnerability with a CVSS score of 7.6 (HIGH). Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remo...

How severe is CVE-2014-9196?

CVE-2014-9196 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-9196?

Check the references section above for vendor advisories and patch information. Affected products include: Eaton Proview.