CVE-2014-5409

GE Hydran M2 Predictable Value Range from Previous Values

CVSS 6.4 EPSS 2.7%CWE-343

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 6.4EPSS 2.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

14 mar 2015Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values.

AV:N/AC:L/Au:N/C:P/I:N/A:P

Produtos afetados

GE · Hydran M2, containing the 17046 Ethernet option

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=101 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-041-02.json https://ics-cert.us-cert.gov/advisories/ICSA-15-041-02 https://www.cisa.gov/news-events/ics-advisories/icsa-15-041-02