CVE-2014-5418

Published: 17/01/2015 | Updated: 21/01/2015
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier, and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier, allow remote attackers to cause a denial of service (resource consumption or reboot) via crafted packets.

Vulnerable Product

ge multilink_ml810_firmware

ge multilink_ml810 -

ge multilink_ml1600_firmware

ge multilink_ml1600 -

ge multilink_ml1200_firmware

ge multilink_ml1200 -

ge multilink_ml3000_firmware

ge multilink_ml3000

ge multilink_ml2400_firmware

ge multilink_ml2400 -

ge multilink_ml3100_firmware

ge multilink_ml3100

ge multilink_ml800_firmware

ge multilink_ml800 -

Recent Articles

Got a GE industrial Ethernet switch? Get patching
The Register • Richard Chirgwin and Darren Pauli • 15 Jan 2015

Hard-coded RSA keys found in firmware

GE is the latest industrial kit vendor to send users patching to protect against hard-coded credentials in Ethernet switches. IOActive disclosed the vulnerability to ICS-CERT, which issued this advisory (details here CVE-2014-5418 and here CVE-2014-5419). The vulnerability occurs in various GE Multilink managed Ethernet switches: the ML800, 1200, 1600 and 2400 versions 4.2.1 and older; and the ML810, 3000 and 3100 versions older than version 5.2.0. In these switches, the RSA key used to encrypt ...