PT-2015-3804 · Ge Digital Energy · Ge Digital Energy Hydran M2

David Formby

Published

2015-03-14

Updated

2025-11-03

CVE-2014-5409

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions GE Digital Energy Hydran M2 versions before 94450214LFMT100SEM-L.R3-CL

Description The issue concerns the generation of random values for TCP Initial Sequence Numbers (ISNs) in the Ethernet card. Specifically, it does not properly generate these values, making it easier for remote attackers to spoof packets by predicting the ISNs.

Recommendations For versions before 94450214LFMT100SEM-L.R3-CL, update to version 94450214LFMT100SEM-L.R3-CL or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-343

Related Identifiers

CVE-2014-5409

Affected Products

Ge Digital Energy Hydran M2

PT-2015-3804 · Ge Digital Energy · Ge Digital Energy Hydran M2

CVE-2014-5409

Weakness Enumeration

Related Identifiers

Affected Products

References · 6