CVE-2014-5409 - Vulnerability Details

Vendors	Products
Ge	Hydran M2

Source	ID	Title
EUVD	EUVD-2014-5297	The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values.

Link	Providers
http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=101
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-041-02.json
https://ics-cert.us-cert.gov/advisories/ICSA-15-041-02
https://www.cisa.gov/news-events/ics-advisories/icsa-15-041-02

Type	Values Removed	Values Added
Title	GE Hydran M2	GE Hydran M2 Predictable Value Range from Previous Values

Type	Values Removed	Values Added
Title		GE Hydran M2
Weaknesses		CWE-343
References		https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-041-02.json https://www.cisa.gov/news-events/ics-advisories/icsa-15-041-02
Metrics	cvssV2_0 `{'score': 5.0, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N'}`	cvssV2_0 `{'score': 6.4, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:P'}`

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Hydran M2, containing the 17046 Ethernet option", "vendor": "GE", "versions": [{"lessThan": "October 2014", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech"}], "datePublic": "2015-03-10T06:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values."}], "value": "The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values."}], "metrics": [{"cvssV2_0": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-343", "description": "CWE-343", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-11-03T18:58:26.900Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-041-02"}, {"tags": ["x_refsource_MISC"], "url": "http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=101"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-041-02.json"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "GE Digital Energy has released a new version of the Ethernet option, \nwhich resolves the identified vulnerability in newly released Hydran M2 \ndevices. The update changes the sequence algorithm, which makes it \nimprobable that a TCP sequence attack could succeed. The version of \nEthernet card that implements this improvement is \n94450214LFMT100SEM-L.R3-CL.\n\n "}], "value": "GE Digital Energy has released a new version of the Ethernet option, \nwhich resolves the identified vulnerability in newly released Hydran M2 \ndevices. The update changes the sequence algorithm, which makes it \nimprobable that a TCP sequence attack could succeed. The version of \nEthernet card that implements this improvement is \n94450214LFMT100SEM-L.R3-CL."}], "source": {"advisory": "ICSA-15-041-02", "discovery": "EXTERNAL"}, "title": "GE Hydran M2 Predictable Value Range from Previous Values", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There is no method to update Hydran M2 devices released prior to \nOctober 2014. GE Digital Energy recommends that utilities using older \nversions of the Hydran M2 device implement network security defensive \nmeasures, to include the following:\n\u2022     Place the Hydran M2 inside the control system network security perimeter with access controls and monitoring.\n\u2022     Minimize network exposure to all other control system devices. \nControl system devices should not directly face the Internet or business\n networks.\n\u2022     Locate control system networks and devices behind properly \nconfigured firewalls, and isolate them from the business network.\n\u2022     When remote access is required, use secure methods, such as \nVirtual Private Networks (VPNs), recognizing that VPNs may have \nvulnerabilities and should be updated to the most current version \navailable. Also recognize that VPN is only as secure as the connected \ndevices.\nGE Digital Energy\u2019s Product Bulletin is available in at the following location, with a user account:\n<a target=\"_blank\" rel=\"nofollow\" href=\"http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=101\">http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=101</a>\n\n "}], "value": "There is no method to update Hydran M2 devices released prior to \nOctober 2014. GE Digital Energy recommends that utilities using older \nversions of the Hydran M2 device implement network security defensive \nmeasures, to include the following:\n\n\n\u2022 \u00a0 \u00a0 Place the Hydran M2 inside the control system network security perimeter with access controls and monitoring.\n\n\n\u2022 \u00a0 \u00a0 Minimize network exposure to all other control system devices. \nControl system devices should not directly face the Internet or business\n networks.\n\n\n\u2022 \u00a0 \u00a0 Locate control system networks and devices behind properly \nconfigured firewalls, and isolate them from the business network.\n\n\n\u2022 \u00a0 \u00a0 When remote access is required, use secure methods, such as \nVirtual Private Networks (VPNs), recognizing that VPNs may have \nvulnerabilities and should be updated to the most current version \navailable. Also recognize that VPN is only as secure as the connected \ndevices.\n\n\nGE Digital Energy\u2019s Product Bulletin is available in at the following location, with a user account:\n\n\n http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=101"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-5409", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-041-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-041-02"}, {"name": "http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=101", "refsource": "MISC", "url": "http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=101"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:41:49.209Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-041-02"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=101"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-5409", "datePublished": "2015-03-14T01:00:00", "dateReserved": "2014-08-22T00:00:00", "dateUpdated": "2025-11-03T18:58:26.900Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ge:hydran_m2:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B9F1FE4-F235-4238-ABC0-9D31A22255B4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values."}, {"lang": "es", "value": "La tarjeta Ethernet 17046 anterior a 94450214LFMT100SEM-L.R3-CL para el GE Digital Energy Hydran M2 no genera de forma adecuada valores aleatrorios de TCP Initial Sequence Numbers (ISNs), lo que hace m\u00e1s f\u00e1cil a atacantes remotos suplantar paquetes mediante la predicci\u00f3n de dichos valores."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/330.html\">CWE-330: Use of Insufficiently Random Values</a>", "id": "CVE-2014-5409", "lastModified": "2025-11-03T19:15:39.013", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-03-14T01:59:00.067", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=101"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-041-02.json"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-041-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=101"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-041-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-343"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object