CVE-2014-5409
CVE-2014-5409 is a medium-severity vulnerability in Ge Hydran M2 with a CVSS 2.0 base score of 6.4. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-343.
Key facts
- Severity: Medium (CVSS 2.0 base score 6.4)
- EPSS exploit prediction: 3% (84th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-343
- Affected product: Ge Hydran M2
- Published:
- Last modified:
Description
The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values.
Frequently asked questions
- What is CVE-2014-5409?
- The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values.
- How severe is CVE-2014-5409?
- CVE-2014-5409 has a CVSS 2.0 base score of 6.4, rated medium severity.
- Is CVE-2014-5409 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 3% (84th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2014-5409?
- CVE-2014-5409 affects Ge Hydran M2. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2014-5409?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2014-5409 published?
- CVE-2014-5409 was published on 2015-03-14 and last updated on 2026-06-17.
References
- http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=101
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-041-02.json
- https://www.cisa.gov/news-events/ics-advisories/icsa-15-041-02
- https://ics-cert.us-cert.gov/advisories/ICSA-15-041-02
Affected products (1)
- cpe:2.3:h:ge:hydran_m2:*:*:*:*:*:*:*:*
Other CWE-343 vulnerabilities
- CVE-2026-32694 — Medium (CVSS 6.6): In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret…
- CVE-2026-33221 — Medium (CVSS 5.3): Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.12.0, the storage service's file upload…