ID
VAR-201503-0371
CVE
CVE-2014-5409
TITLE
GE Digital Energy Hydran M2 for 17046 Ethernet Vulnerability in a packet being spoofed
Trust: 0.8
sources:
JVNDB: JVNDB-2014-007977
DESCRIPTION
The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values. Supplementary information : CWE Vulnerability type by CWE-330: Use of Insufficiently Random Values ( Insufficient random value used ) Has been identified. The GE Hydran M2 is a fault gas and moisture detection solution. General Electric (GE) Hydran M2 is prone to a predictable random number generator weakness
Trust: 2.61
sources:
NVD: CVE-2014-5409 //
JVNDB: JVNDB-2014-007977 //
CNVD: CNVD-2015-01827 //
BID: 73026 //
IVD: 9ca20a14-2351-11e6-abef-000c29c66e3d
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.8 |
sources:
IVD: 9ca20a14-2351-11e6-abef-000c29c66e3d //
CNVD: CNVD-2015-01827
AFFECTED PRODUCTS
| vendor: | ge | model: | hydran m2 | scope: | - | version: | - | Trust: 1.2 |
| vendor: | ge | model: | hydran m2 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | general electric | model: | hydran m2 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | general | model: | electric hydran m2 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hydran m2 | model: | - | scope: | eq | version: | * | Trust: 0.2 |
sources:
IVD: 9ca20a14-2351-11e6-abef-000c29c66e3d //
CNVD: CNVD-2015-01827 //
BID: 73026 //
CNNVD: CNNVD-201503-323 //
JVNDB: JVNDB-2014-007977 //
NVD: CVE-2014-5409
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
IVD: 9ca20a14-2351-11e6-abef-000c29c66e3d //
CNVD: CNVD-2015-01827 //
CNNVD: CNNVD-201503-323 //
JVNDB: JVNDB-2014-007977 //
NVD: CVE-2014-5409 //
NVD: CVE-2014-5409
PROBLEMTYPE DATA
| problemtype: | CWE-343 | Trust: 1.0 |
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
| problemtype: | CWE-Other | Trust: 0.8 |
sources:
JVNDB: JVNDB-2014-007977 //
NVD: CVE-2014-5409
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201503-323
TYPE
Design Error
Trust: 0.3
sources:
BID: 73026
CONFIGURATIONS
sources:
JVNDB: JVNDB-2014-007977
PATCH
| title: | Hydran M2 | url: | https://www.gedigitalenergy.com/md/catalog/hydranm2.htm | Trust: 0.8 |
| title: | GE Hydran M2 can guess patches for TCP initialization sequence vulnerabilities | url: | https://www.cnvd.org.cn/patchInfo/show/56375 | Trust: 0.6 |
sources:
CNVD: CNVD-2015-01827 //
JVNDB: JVNDB-2014-007977
EXTERNAL IDS
| db: | NVD | id: | CVE-2014-5409 | Trust: 3.5 |
| db: | ICS CERT | id: | ICSA-15-041-02 | Trust: 3.3 |
| db: | BID | id: | 73026 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2015-01827 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201503-323 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2014-007977 | Trust: 0.8 |
| db: | IVD | id: | 9CA20A14-2351-11E6-ABEF-000C29C66E3D | Trust: 0.2 |
sources:
IVD: 9ca20a14-2351-11e6-abef-000c29c66e3d //
CNVD: CNVD-2015-01827 //
BID: 73026 //
CNNVD: CNNVD-201503-323 //
JVNDB: JVNDB-2014-007977 //
NVD: CVE-2014-5409
REFERENCES
| url: | https://ics-cert.us-cert.gov/advisories/icsa-15-041-02 | Trust: 3.3 |
| url: | http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=101 | Trust: 1.6 |
| url: | https://www.cisa.gov/news-events/ics-advisories/icsa-15-041-02 | Trust: 1.0 |
| url: | https://github.com/cisagov/csaf/blob/develop/csaf_files/ot/white/2015/icsa-15-041-02.json | Trust: 1.0 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5409 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5409 | Trust: 0.8 |
| url: | http://www.ge.com/ | Trust: 0.3 |
| url: | https://www.gedigitalenergy.com/md/catalog/hydranm2.htm | Trust: 0.3 |
sources:
CNVD: CNVD-2015-01827 //
BID: 73026 //
CNNVD: CNNVD-201503-323 //
JVNDB: JVNDB-2014-007977 //
NVD: CVE-2014-5409
CREDITS
Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech.
Trust: 0.3
sources:
BID: 73026
SOURCES
| db: | IVD | id: | 9ca20a14-2351-11e6-abef-000c29c66e3d |
| db: | CNVD | id: | CNVD-2015-01827 |
| db: | BID | id: | 73026 |
| db: | CNNVD | id: | CNNVD-201503-323 |
| db: | JVNDB | id: | JVNDB-2014-007977 |
| db: | NVD | id: | CVE-2014-5409 |
LAST UPDATE DATE
2025-11-18T15:34:02.847000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2015-01827 | date: | 2015-03-19T00:00:00 |
| db: | BID | id: | 73026 | date: | 2015-03-10T00:00:00 |
| db: | CNNVD | id: | CNNVD-201503-323 | date: | 2015-03-16T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-007977 | date: | 2015-03-17T00:00:00 |
| db: | NVD | id: | CVE-2014-5409 | date: | 2025-11-03T19:15:39.013 |
SOURCES RELEASE DATE
| db: | IVD | id: | 9ca20a14-2351-11e6-abef-000c29c66e3d | date: | 2015-03-19T00:00:00 |
| db: | CNVD | id: | CNVD-2015-01827 | date: | 2015-03-19T00:00:00 |
| db: | BID | id: | 73026 | date: | 2015-03-10T00:00:00 |
| db: | CNNVD | id: | CNNVD-201503-323 | date: | 2015-03-16T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-007977 | date: | 2015-03-17T00:00:00 |
| db: | NVD | id: | CVE-2014-5409 | date: | 2015-03-14T01:59:00.067 |