Sign-up

ID

VAR-201501-0438


CVE

CVE-2014-5418


TITLE

plural GE MultiLink ML Service disruption in series switch firmware (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-007734

DESCRIPTION

GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service (resource consumption or reboot) via crafted packets. The General Electric Company is the world's largest manufacturer of electrical equipment, electrical and electronic equipment. Multiple General Electric (GE) products have a denial of service vulnerability that allows an attacker to exploit a vulnerability to submit a special message to consume switch resources and restart the device. An attacker can exploit this issue to exhaust the switch resources and cause the device to reboot; causing denial-of-service condition. There are security vulnerabilities in several GE switches

Trust: 2.7

sources: NVD: CVE-2014-5418 // JVNDB: JVNDB-2014-007734 // CNVD: CNVD-2015-00450 // BID: 72066 // IVD: a9025e9e-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-73359

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: a9025e9e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00450

AFFECTED PRODUCTS

vendor:gemodel:multilink ml1600scope:eqversion: -

Trust: 1.2

vendor:gemodel:multilink ml2400scope:eqversion: -

Trust: 1.2

vendor:gemodel:multilink ml800scope:eqversion: -

Trust: 1.2

vendor:gemodel:multilink ml1200scope:eqversion: -

Trust: 1.2

vendor:gemodel:multilink ml810scope:eqversion: -

Trust: 1.2

vendor:gemodel:multilink ml1600scope:lteversion:4.2.1

Trust: 1.0

vendor:gemodel:multilink ml3000scope:eqversion:*

Trust: 1.0

vendor:gemodel:multilink ml810scope:lteversion:5.2.0

Trust: 1.0

vendor:gemodel:multilink ml1200scope:lteversion:4.2.1

Trust: 1.0

vendor:gemodel:multilink ml2400scope:lteversion:4.2.1

Trust: 1.0

vendor:gemodel:multilink ml3100scope:lteversion:5.2.0

Trust: 1.0

vendor:gemodel:multilink ml800scope:lteversion:4.2.1

Trust: 1.0

vendor:gemodel:multilink ml3100scope:eqversion:*

Trust: 1.0

vendor:gemodel:multilink ml3000scope:lteversion:5.2.0

Trust: 1.0

vendor:gemodel:multilink ml3100scope:eqversion:5.2.0

Trust: 0.8

vendor:gemodel:multilink ml1200scope:eqversion:4.2.1

Trust: 0.8

vendor:gemodel:multilink ml1600scope:eqversion:4.2.1

Trust: 0.8

vendor:gemodel:multilink ml2400scope:eqversion:4.2.1

Trust: 0.8

vendor:gemodel:multilink ml3000scope:eqversion:5.2.0

Trust: 0.8

vendor:gemodel:multilink ml810scope:eqversion:5.2.0

Trust: 0.8

vendor:gemodel:multilink ml800scope:eqversion:4.2.1

Trust: 0.8

vendor:general electricmodel:multilink ml1200scope: - version: -

Trust: 0.8

vendor:general electricmodel:multilink ml1200scope:lteversion:4.2.1

Trust: 0.8

vendor:general electricmodel:multilink ml1600scope: - version: -

Trust: 0.8

vendor:general electricmodel:multilink ml1600scope:lteversion:4.2.1

Trust: 0.8

vendor:general electricmodel:multilink ml2400scope: - version: -

Trust: 0.8

vendor:general electricmodel:multilink ml2400scope:lteversion:4.2.1

Trust: 0.8

vendor:general electricmodel:multilink ml3000scope: - version: -

Trust: 0.8

vendor:general electricmodel:multilink ml3000scope:lteversion:5.2.0

Trust: 0.8

vendor:general electricmodel:multilink ml3100scope: - version: -

Trust: 0.8

vendor:general electricmodel:multilink ml3100scope:lteversion:5.2.0

Trust: 0.8

vendor:general electricmodel:multilink ml800scope: - version: -

Trust: 0.8

vendor:general electricmodel:multilink ml800scope:lteversion:4.2.1

Trust: 0.8

vendor:general electricmodel:multilink ml810scope: - version: -

Trust: 0.8

vendor:general electricmodel:multilink ml810scope:lteversion:5.2.0

Trust: 0.8

vendor:generalmodel:electric ge multilink ml800scope: - version: -

Trust: 0.6

vendor:generalmodel:electric ge multilink ml1200scope: - version: -

Trust: 0.6

vendor:generalmodel:electric ge multilink ml1600scope: - version: -

Trust: 0.6

vendor:generalmodel:electric ge multilink ml2400 switches withscope:eqversion:4.2.1

Trust: 0.6

vendor:generalmodel:electric ge multilink ml810scope: - version: -

Trust: 0.6

vendor:generalmodel:electric ge multilink ml3000scope: - version: -

Trust: 0.6

vendor:generalmodel:electric ge multilink ml3100 switches withscope:eqversion:5.2.0

Trust: 0.6

vendor:generalmodel:electric multilink ml810scope:eqversion:5.1

Trust: 0.3

vendor:generalmodel:electric multilink ml800scope:eqversion:4.2

Trust: 0.3

vendor:generalmodel:electric multilink ml3100scope:eqversion:5.1

Trust: 0.3

vendor:generalmodel:electric multilink ml3000scope:eqversion:5.1

Trust: 0.3

vendor:generalmodel:electric multilink ml2400scope:eqversion:4.2

Trust: 0.3

vendor:generalmodel:electric multilink ml1600scope:eqversion:4.2

Trust: 0.3

vendor:generalmodel:electric multilink ml1200scope:eqversion:4.2

Trust: 0.3

vendor:generalmodel:electric multilink ml810scope:neversion:5.2

Trust: 0.3

vendor:generalmodel:electric multilink ml800scope:neversion:4.2.1

Trust: 0.3

vendor:generalmodel:electric multilink ml3100scope:neversion:5.2

Trust: 0.3

vendor:generalmodel:electric multilink ml3000scope:neversion:5.2

Trust: 0.3

vendor:generalmodel:electric multilink ml2400scope:neversion:4.2.1

Trust: 0.3

vendor:generalmodel:electric multilink ml1600scope:neversion:4.2.1

Trust: 0.3

vendor:generalmodel:electric multilink ml1200scope:neversion:4.2.1

Trust: 0.3

vendor:gemodel:multilink ml3000scope: - version: -

Trust: 0.2

vendor:gemodel:multilink ml3100scope: - version: -

Trust: 0.2

vendor:gemodel:multilink ml810/ml3000//ml3100scope:lteversion:<=5.2.0

Trust: 0.2

vendor:gemodel:multilink ml800/ml1200/ml1600/ml2400scope:lteversion:<=4.2.1

Trust: 0.2

sources: IVD: a9025e9e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00450 // BID: 72066 // JVNDB: JVNDB-2014-007734 // CNNVD: CNNVD-201501-349 // NVD: CVE-2014-5418

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-5418
value: HIGH

Trust: 1.0

NVD: CVE-2014-5418
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-00450
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201501-349
value: HIGH

Trust: 0.6

IVD: a9025e9e-2351-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-73359
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-5418
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-00450
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: a9025e9e-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-73359
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: a9025e9e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00450 // VULHUB: VHN-73359 // JVNDB: JVNDB-2014-007734 // CNNVD: CNNVD-201501-349 // NVD: CVE-2014-5418

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-73359 // JVNDB: JVNDB-2014-007734 // NVD: CVE-2014-5418

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-349

TYPE

Resource management error

Trust: 0.8

sources: IVD: a9025e9e-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201501-349

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-007734

PATCH
title:RSA Private Key & DoS Vulnerabiltyurl:http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf
Trust: 0.8
title:Patches for denial of service vulnerabilities in multiple General Electric (GE) productsurl:https://www.cnvd.org.cn/patchInfo/show/54201
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-00450 // 
            
            
            
            JVNDB: JVNDB-2014-007734

EXTERNAL IDS
db:NVDid:CVE-2014-5418
Trust: 3.6
db:ICS CERTid:ICSA-15-013-04
Trust: 3.4
db:BIDid:72066
Trust: 1.6
db:CNNVDid:CNNVD-201501-349
Trust: 0.9
db:CNVDid:CNVD-2015-00450
Trust: 0.8
db:JVNDBid:JVNDB-2014-007734
Trust: 0.8
db:IVDid:A9025E9E-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-73359
Trust: 0.1
sources:
            
            
            IVD: a9025e9e-2351-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2015-00450 // 
            
            
            
            VULHUB: VHN-73359 // 
            
            
            
            BID: 72066 // 
            
            
            
            JVNDB: JVNDB-2014-007734 // 
            
            
            
            CNNVD: CNNVD-201501-349 // 
            
            
            
            NVD: CVE-2014-5418

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-15-013-04
Trust: 3.4
url:http://www.gedigitalenergy.com/products/support/multilink/mlsb1214.pdf
Trust: 1.7
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5418
Trust: 1.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5418
Trust: 0.8
url:http://www.securityfocus.com/bid/72066/
Trust: 0.6
url:http://www.securityfocus.com/bid/72066
Trust: 0.6
url:http://www.ge.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-00450 // 
            
            
            
            VULHUB: VHN-73359 // 
            
            
            
            BID: 72066 // 
            
            
            
            JVNDB: JVNDB-2014-007734 // 
            
            
            
            CNNVD: CNNVD-201501-349 // 
            
            
            
            NVD: CVE-2014-5418

CREDITS
Eireann Leverett of IOActive
Trust: 0.9
sources:
            
            
            BID: 72066 // 
            
            
            
            CNNVD: CNNVD-201501-349

SOURCES
db:IVDid:a9025e9e-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2015-00450
db:VULHUBid:VHN-73359
db:BIDid:72066
db:JVNDBid:JVNDB-2014-007734
db:CNNVDid:CNNVD-201501-349
db:NVDid:CVE-2014-5418

LAST UPDATE DATE
2025-04-13T23:36:29.359000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-00450date:2015-01-21T00:00:00
db:VULHUBid:VHN-73359date:2015-01-21T00:00:00
db:BIDid:72066date:2015-01-13T00:00:00
db:JVNDBid:JVNDB-2014-007734date:2015-01-23T00:00:00
db:CNNVDid:CNNVD-201501-349date:2015-01-19T00:00:00
db:NVDid:CVE-2014-5418date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:IVDid:a9025e9e-2351-11e6-abef-000c29c66e3ddate:2015-01-21T00:00:00
db:CNVDid:CNVD-2015-00450date:2015-01-21T00:00:00
db:VULHUBid:VHN-73359date:2015-01-17T00:00:00
db:BIDid:72066date:2015-01-13T00:00:00
db:JVNDBid:JVNDB-2014-007734date:2015-01-23T00:00:00
db:CNNVDid:CNNVD-201501-349date:2015-01-16T00:00:00
db:NVDid:CVE-2014-5418date:2015-01-17T02:59:01.223