Description
The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values.
References (4)
Core 4
Core References
Various Sources x_refsource_misc
http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=101
Third Party Advisory, US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-041-02
Various Sources
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-041-02.json
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-15-041-02
Scores
EPSS
0.0229
EPSS Percentile
84.8%
Details
CWE
CWE-343
Status
published
Products (2)
GE/Hydran M2, containing the 17046 Ethernet option
< October 2014
ge/hydran_m2
Published
Mar 14, 2015
Tracked Since
Feb 18, 2026