CVE-2014-5409

CVE-2014-5409: GE Hydran M2 Predictable Value Range from Previous Values

Vendor Ge
Product Hydran M2, containing the 17046 Ethernet option
Weakness CWE-343
Published March 14, 2015
Last update November 3, 2025

CVSS base score

What the vulnerability does

01Description

The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values.

Key dates

02Disclosure timeline

March 14, 2015 CVE published
November 3, 2025 Record updated