CVE-2014-5409

EUVD-2014-5297
The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
gehydran_m2
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=101
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-041-02.json
https://www.cisa.gov/news-events/ics-advisories/icsa-15-041-02
http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=101
https://ics-cert.us-cert.gov/advisories/ICSA-15-041-02