CVE-2014-5419
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the cleartext content of network traffic by reading this key from a firmware image and then sniffing the network.
Los switches GE Multilink ML800, ML1200, ML1600, y ML2400 con firmware 4.2.1 y anteriores y los switches Multilink ML810, ML3000, y ML3100 con firmware 5.2.0 y anteriores utilizan la misma clave RSA privada en instalaciones diferentes de cliente, lo que facilita a atacantes remotos obtener el contenido en texto plano de trafico de la red mediante la lectura de esta clave de una imagen de firmware y posteriormente la captura de trafico de la red.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-08-22 CVE Reserved
- 2015-01-17 CVE Published
- 2024-08-06 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-013-04 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf | 2015-01-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ge Search vendor "Ge" | Multilink Ml3100 Firmware Search vendor "Ge" for product "Multilink Ml3100 Firmware" | <= 5.2.0 Search vendor "Ge" for product "Multilink Ml3100 Firmware" and version " <= 5.2.0" | - |
Affected
| in | Ge Search vendor "Ge" | Multilink Ml3100 Search vendor "Ge" for product "Multilink Ml3100" | * | - |
Affected
|
| Ge Search vendor "Ge" | Multilink Ml3000 Firmware Search vendor "Ge" for product "Multilink Ml3000 Firmware" | <= 5.2.0 Search vendor "Ge" for product "Multilink Ml3000 Firmware" and version " <= 5.2.0" | - |
Affected
| in | Ge Search vendor "Ge" | Multilink Ml3000 Search vendor "Ge" for product "Multilink Ml3000" | * | - |
Affected
|
| Ge Search vendor "Ge" | Multilink Ml810 Firmware Search vendor "Ge" for product "Multilink Ml810 Firmware" | <= 5.2.0 Search vendor "Ge" for product "Multilink Ml810 Firmware" and version " <= 5.2.0" | - |
Affected
| in | Ge Search vendor "Ge" | Multilink Ml810 Search vendor "Ge" for product "Multilink Ml810" | - | - |
Affected
|
| Ge Search vendor "Ge" | Multilink Ml1600 Firmware Search vendor "Ge" for product "Multilink Ml1600 Firmware" | <= 4.2.1 Search vendor "Ge" for product "Multilink Ml1600 Firmware" and version " <= 4.2.1" | - |
Affected
| in | Ge Search vendor "Ge" | Multilink Ml1600 Search vendor "Ge" for product "Multilink Ml1600" | - | - |
Affected
|
| Ge Search vendor "Ge" | Multilink Ml800 Firmware Search vendor "Ge" for product "Multilink Ml800 Firmware" | <= 4.2.1 Search vendor "Ge" for product "Multilink Ml800 Firmware" and version " <= 4.2.1" | - |
Affected
| in | Ge Search vendor "Ge" | Multilink Ml800 Search vendor "Ge" for product "Multilink Ml800" | - | - |
Affected
|
| Ge Search vendor "Ge" | Multilink Ml2400 Firmware Search vendor "Ge" for product "Multilink Ml2400 Firmware" | <= 4.2.1 Search vendor "Ge" for product "Multilink Ml2400 Firmware" and version " <= 4.2.1" | - |
Affected
| in | Ge Search vendor "Ge" | Multilink Ml2400 Search vendor "Ge" for product "Multilink Ml2400" | - | - |
Affected
|
| Ge Search vendor "Ge" | Multilink Ml1200 Firmware Search vendor "Ge" for product "Multilink Ml1200 Firmware" | <= 4.2.1 Search vendor "Ge" for product "Multilink Ml1200 Firmware" and version " <= 4.2.1" | - |
Affected
| in | Ge Search vendor "Ge" | Multilink Ml1200 Search vendor "Ge" for product "Multilink Ml1200" | - | - |
Affected
|