CVE-2014-9196

critical

Description

Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

References

https://www.eaton.com/cybersecurity

https://www.cisa.gov/news-events/ics-advisories/icsa-15-006-01

https://ics-cert.us-cert.gov/advisories/ICSA-15-006-01

http://www.securityfocus.com/bid/75936

Details

Source: Mitre, NVD

Published: 2015-07-20

Updated: 2025-09-05

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01166