← voltar
CVE-2014-9196

Eaton’s Cooper Power Series Form 6 Control and Idea/IdeaPlus Relays with Ethernet

CVSS 7.6 EPSS 2.3%CWE-342
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.6EPSS 2.3%KEV nãoPoC Patch
Ciclo de vida
20 jul 2015Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.
AV:N/AC:H/Au:N/C:C/I:C/A:C
Produtos afetados
Eaton’s Cooper Power Systems · Idea/IdeaPLUS relaysEaton’s Cooper Power Systems · Series Form 6

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://ics-cert.us-cert.gov/advisories/ICSA-15-006-01https://www.cisa.gov/news-events/ics-advisories/icsa-15-006-01https://www.eaton.com/cybersecurityhttp://www.securityfocus.com/bid/75936