CVE-2014-5418

Current Description

GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service (resource consumption or reboot) via crafted packets.

Basic Data

PublishedJanuary 17, 2015
Last ModifiedJanuary 21, 2015
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-399
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score7.8
SeverityHIGH
Exploitability Score10.0
Impact Score6.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSGeMultilink Ml810 Firmware********5.2.0
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareGeMultilink Ml810-*******
  • AND
    • OR - Configuration 2
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSGeMultilink Ml1600 Firmware********4.2.1
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareGeMultilink Ml1600-*******
  • AND
    • OR - Configuration 3
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSGeMultilink Ml1200 Firmware********4.2.1
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareGeMultilink Ml1200-*******
  • AND
    • OR - Configuration 4
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSGeMultilink Ml3000 Firmware********5.2.0
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareGeMultilink Ml3000********
  • AND
    • OR - Configuration 5
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSGeMultilink Ml2400 Firmware********4.2.1
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareGeMultilink Ml2400-*******
  • AND
    • OR - Configuration 6
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSGeMultilink Ml3100 Firmware********5.2.0
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareGeMultilink Ml3100********
  • AND
    • OR - Configuration 7
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSGeMultilink Ml800 Firmware********4.2.1
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareGeMultilink Ml800-*******

Vulnerable Software List

VendorProductVersions
Ge Multilink Ml810 Firmware *
Ge Multilink Ml810 -
Ge Multilink Ml1600 Firmware *
Ge Multilink Ml1600 -
Ge Multilink Ml1200 Firmware *
Ge Multilink Ml1200 -
Ge Multilink Ml3000 Firmware *
Ge Multilink Ml3000 *
Ge Multilink Ml2400 Firmware *
Ge Multilink Ml2400 -
Ge Multilink Ml3100 Firmware *
Ge Multilink Ml3100 *
Ge Multilink Ml800 Firmware *
Ge Multilink Ml800 -

References

NameSourceURLTags
http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdfhttp://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdfCONFIRMVendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-15-013-04https://ics-cert.us-cert.gov/advisories/ICSA-15-013-04MISCThird Party Advisory US Government Resource