9.3

CVE-2014-9196

EPSS 2.72%
Veröffentlicht 20.07.2015 01:59:01
Zuletzt bearbeitet 05.09.2025 21:15:33
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Eaton ≫ Proview Version4.0

Eaton ≫ Proview Version5.0

Eaton ≫ Proview Version5.0.1

Eaton ≫ Proview Version5.0.2

Eaton ≫ Proview Version5.0.3

Eaton ≫ Proview Version5.0.4

Eaton ≫ Proview Version5.0.5

Eaton ≫ Proview Version5.0.6

Eaton ≫ Proview Version5.0.7

Eaton ≫ Proview Version5.0.8

Eaton ≫ Proview Version5.0.9

Eaton ≫ Proview Version5.0.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.72%	0.856

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C
ics-cert@hq.dhs.gov	7.6	4.9	10	AV:N/AC:H/Au:N/C:C/I:C/A:C

CWE-342 Predictable Exact Value from Previous Values

An exact value or random number can be precisely predicted by observing previous values.

http://www.securityfocus.com/bid/75936

https://ics-cert.us-cert.gov/advisories/ICSA-15-006-01

Third Party Advisory

US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-15-006-01

https://www.eaton.com/cybersecurity

https://nvd.nist.gov/vuln/detail/CVE-2014-9196

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-9196

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-9196

EUVD