Predictable Exact Value from Previous Values

CVE-2014-9196

High

7.6/10

Summary

Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

Access Complexity: HIGH
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: COMPLETE
Confidentiality Impact: COMPLETE
Availability Impact: COMPLETE

CWE-342 - Predictable Exact Value from Previous Values

An exact value or random number can be precisely predicted by observing previous values.

References

Advisory Timeline

Published Jul 20, 2015

Predictable Exact Value from Previous Values

CVE-2014-9196

Summary

CWE-342 - Predictable Exact Value from Previous Values

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS