ID

VAR-201501-0439


CVE

CVE-2014-5419


TITLE

Vulnerability in the firmware of multiple GE MultiLink ML series switches that allows retrieval of the plaintext content of network traffic

Trust: 0.8

sources: JVNDB: JVNDB-2014-007735

DESCRIPTION

GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the cleartext content of network traffic by reading this key from a firmware image and then sniffing the network. The General Electric Company is the world's largest manufacturer of electrical and electronic equipment. Multiple General Electric (GE) products have security vulnerabilities that allow an attacker to obtain sensitive information, perform unauthorized operations, or initiate a denial-of-service attack. This may lead to further attacks.

Trust: 2.7

sources: NVD: CVE-2014-5419 // JVNDB: JVNDB-2014-007735 // CNVD: CNVD-2015-00451 // BID: 72069 // IVD: a90487d2-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-73360

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: a90487d2-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00451

AFFECTED PRODUCTS

vendor: ge, model: multilink ml2400, scope: eq, version: -

Trust: 1.2

vendor: ge, model: multilink ml800, scope: eq, version: -

Trust: 1.2

vendor: ge, model: multilink ml1600, scope: eq, version: -

Trust: 1.2

vendor: ge, model: multilink ml1200, scope: eq, version: -

Trust: 1.2

vendor: ge, model: multilink ml810, scope: eq, version: -

Trust: 1.2

vendor: ge, model: multilink ml1600, scope: lte, version: 4.2.1

Trust: 1.0

vendor: ge, model: multilink ml3000, scope: eq, version: *

Trust: 1.0

vendor: ge, model: multilink ml810, scope: lte, version: 5.2.0

Trust: 1.0

vendor: ge, model: multilink ml1200, scope: lte, version: 4.2.1

Trust: 1.0

vendor: ge, model: multilink ml2400, scope: lte, version: 4.2.1

Trust: 1.0

vendor: ge, model: multilink ml3100, scope: lte, version: 5.2.0

Trust: 1.0

vendor: ge, model: multilink ml800, scope: lte, version: 4.2.1

Trust: 1.0

vendor: ge, model: multilink ml3100, scope: eq, version: *

Trust: 1.0

vendor: ge, model: multilink ml3000, scope: lte, version: 5.2.0

Trust: 1.0

vendor: ge, model: multilink ml1200, scope: eq, version: 4.2.1

Trust: 0.8

vendor: ge, model: multilink ml3100, scope: eq, version: 5.2.0

Trust: 0.8

vendor: ge, model: multilink ml2400, scope: eq, version: 4.2.1

Trust: 0.8

vendor: ge, model: multilink ml3000, scope: eq, version: 5.2.0

Trust: 0.8

vendor: ge, model: multilink ml810, scope: eq, version: 5.2.0

Trust: 0.8

vendor: ge, model: multilink ml800, scope: eq, version: 4.2.1

Trust: 0.8

vendor: ge, model: multilink ml1600, scope: eq, version: 4.2.1

Trust: 0.8

vendor: general electric, model: multilink ml1200, scope: -, version: -

Trust: 0.8

vendor: general electric, model: multilink ml1200, scope: lte, version: 4.2.1

Trust: 0.8

vendor: general electric, model: multilink ml1600, scope: -, version: -

Trust: 0.8

vendor: general electric, model: multilink ml1600, scope: lte, version: 4.2.1

Trust: 0.8

vendor: general electric, model: multilink ml2400, scope: -, version: -

Trust: 0.8

vendor: general electric, model: multilink ml2400, scope: lte, version: 4.2.1

Trust: 0.8

vendor: general electric, model: multilink ml3000, scope: -, version: -

Trust: 0.8

vendor: general electric, model: multilink ml3000, scope: lte, version: 5.2.0

Trust: 0.8

vendor: general electric, model: multilink ml3100, scope: -, version: -

Trust: 0.8

vendor: general electric, model: multilink ml3100, scope: lte, version: 5.2.0

Trust: 0.8

vendor: general electric, model: multilink ml800, scope: -, version: -

Trust: 0.8

vendor: general electric, model: multilink ml800, scope: lte, version: 4.2.1

Trust: 0.8

vendor: general electric, model: multilink ml810, scope: -, version: -

Trust: 0.8

vendor: general electric, model: multilink ml810, scope: lte, version: 5.2.0

Trust: 0.8

vendor: general, model: electric ge multilink ml800, scope: -, version: -

Trust: 0.6

vendor: general, model: electric ge multilink ml1200, scope: -, version: -

Trust: 0.6

vendor: general, model: electric ge multilink ml1600, scope: -, version: -

Trust: 0.6

vendor: general, model: electric ge multilink ml2400 switches with, scope: eq, version: 4.2.1

Trust: 0.6

vendor: general, model: electric ge multilink ml810, scope: -, version: -

Trust: 0.6

vendor: general, model: electric ge multilink ml3000, scope: -, version: -

Trust: 0.6

vendor: general, model: electric ge multilink ml3100 switches with, scope: eq, version: 5.2.0

Trust: 0.6

vendor: general, model: electric multilink ml810, scope: eq, version: 5.1

Trust: 0.3

vendor: general, model: electric multilink ml800, scope: eq, version: 4.2

Trust: 0.3

vendor: general, model: electric multilink ml3100, scope: eq, version: 5.1

Trust: 0.3

vendor: general, model: electric multilink ml3000, scope: eq, version: 5.1

Trust: 0.3

vendor: general, model: electric multilink ml2400, scope: eq, version: 4.2

Trust: 0.3

vendor: general, model: electric multilink ml1600, scope: eq, version: 4.2

Trust: 0.3

vendor: general, model: electric multilink ml1200, scope: eq, version: 4.2

Trust: 0.3

vendor: general, model: electric multilink ml810, scope: ne, version: 5.2

Trust: 0.3

vendor: general, model: electric multilink ml800, scope: ne, version: 4.2.1

Trust: 0.3

vendor: general, model: electric multilink ml3100, scope: ne, version: 5.2

Trust: 0.3

vendor: general, model: electric multilink ml3000, scope: ne, version: 5.2

Trust: 0.3

vendor: general, model: electric multilink ml2400, scope: ne, version: 4.2.1

Trust: 0.3

vendor: general, model: electric multilink ml1600, scope: ne, version: 4.2.1

Trust: 0.3

vendor: general, model: electric multilink ml1200, scope: ne, version: 4.2.1

Trust: 0.3

vendor: ge, model: multilink ml3000, scope: -, version: -

Trust: 0.2

vendor: ge, model: multilink ml3100, scope: -, version: -

Trust: 0.2

vendor: ge, model: multilink ml800/ml1200//ml1600/ml2400, scope: lte, version: <=4.2.1

Trust: 0.2

vendor: ge, model: multilink ml810/ml3000//ml3100, scope: lte, version: <=5.2.0

Trust: 0.2

sources: IVD: a90487d2-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00451 // BID: 72069 // JVNDB: JVNDB-2014-007735 // CNNVD: CNNVD-201501-348 // NVD: CVE-2014-5419

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-5419
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-5419
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-00451
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201501-348
value: MEDIUM

Trust: 0.6

IVD: a90487d2-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-73360
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-5419
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-00451
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: a90487d2-2351-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-73360
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: a90487d2-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00451 // VULHUB: VHN-73360 // JVNDB: JVNDB-2014-007735 // CNNVD: CNNVD-201501-348 // NVD: CVE-2014-5419

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-73360 // JVNDB: JVNDB-2014-007735 // NVD: CVE-2014-5419

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-348

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201501-348

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007735

PATCH

title: RSA Private Key & DoS Vulnerabilty, url: http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf

Trust: 0.8

title: Patches with built-in key security bypass vulnerabilities for multiple General Electric (GE) products, url: https://www.cnvd.org.cn/patchInfo/show/54111

Trust: 0.6

sources: CNVD: CNVD-2015-00451 // JVNDB: JVNDB-2014-007735

EXTERNAL IDS

db: NVD, id: CVE-2014-5419

Trust: 3.6

db: ICS CERT, id: ICSA-15-013-04

Trust: 3.4

db: BID, id: 72069

Trust: 1.6

db: CNNVD, id: CNNVD-201501-348

Trust: 0.9

db: CNVD, id: CNVD-2015-00451

Trust: 0.8

db: JVNDB, id: JVNDB-2014-007735

Trust: 0.8

db: IVD, id: A90487D2-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-73360

Trust: 0.1

sources: IVD: a90487d2-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00451 // VULHUB: VHN-73360 // BID: 72069 // JVNDB: JVNDB-2014-007735 // CNNVD: CNNVD-201501-348 // NVD: CVE-2014-5419

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-15-013-04

Trust: 3.4

url:http://www.gedigitalenergy.com/products/support/multilink/mlsb1214.pdf

Trust: 1.7

url:http://www.securityfocus.com/bid/72069

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5419

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5419

Trust: 0.8

url:http://www.ge.com/

Trust: 0.3

sources: CNVD: CNVD-2015-00451 // VULHUB: VHN-73360 // BID: 72069 // JVNDB: JVNDB-2014-007735 // CNNVD: CNNVD-201501-348 // NVD: CVE-2014-5419

CREDITS

Eireann Leverett of IOActive

Trust: 0.9

sources: BID: 72069 // CNNVD: CNNVD-201501-348

SOURCES

db: IVD, id: a90487d2-2351-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2015-00451
db: VULHUB, id: VHN-73360
db: BID, id: 72069
db: JVNDB, id: JVNDB-2014-007735
db: CNNVD, id: CNNVD-201501-348
db: NVD, id: CVE-2014-5419

LAST UPDATE DATE

2025-04-13T23:36:29.399000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-00451, date: 2015-01-21T00:00:00
db: VULHUB, id: VHN-73360, date: 2015-01-21T00:00:00
db: BID, id: 72069, date: 2015-01-13T00:00:00
db: JVNDB, id: JVNDB-2014-007735, date: 2015-01-23T00:00:00
db: CNNVD, id: CNNVD-201501-348, date: 2015-01-19T00:00:00
db: NVD, id: CVE-2014-5419, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: IVD, id: a90487d2-2351-11e6-abef-000c29c66e3d, date: 2015-01-21T00:00:00
db: CNVD, id: CNVD-2015-00451, date: 2015-01-21T00:00:00
db: VULHUB, id: VHN-73360, date: 2015-01-17T00:00:00
db: BID, id: 72069, date: 2015-01-13T00:00:00
db: JVNDB, id: JVNDB-2014-007735, date: 2015-01-23T00:00:00
db: CNNVD, id: CNNVD-201501-348, date: 2015-01-16T00:00:00
db: NVD, id: CVE-2014-5419, date: 2015-01-17T02:59:02.600