TCP Session Spoofing Vulnerability in Eaton Cooper Power Systems ProView
CVE-2014-9196

Currently unrated

Key Information:

Vendor: Eaton
Status: Proview
Vendor: CVE Published:; 20 July 2015

Summary

Eaton Cooper Power Systems ProView versions 4.0 and 5.0 prior to 5.0 11 are susceptible to a vulnerability that allows attackers to predict the TCP initial sequence number (ISN) values generated by the system. This predictable ISN poses a significant risk as it enables remote attackers to spoof TCP sessions, potentially leading to unauthorized access and exploitation of network communications.

References

http://www.securityfocus.com/bid/75936

vdb-entryx_refsource_BID

https://ics-cert.us-cert.gov/advisories/ICSA-15-006-01

x_refsource_MISC

Timeline

Vulnerability published
Jul 20, 2015
Vulnerability Reserved
Dec 2, 2014