2 matches found
GE Multilink Switch Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-013-04 GE MultiLink Switch Vulnerabilities that was published January 13, 2015, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 3 -------- Eireann Leverett of IOActive has identified three...
CVE-2014-5419
CVE-2014-5419 affects GE Multilink switches (ML800/1200/1600/2400 on firmware 4.2.1 and earlier; ML810/3000/3100 on firmware 5.2.0 and earlier). Root cause: use of the same RSA private key across installations, enabling an attacker to decrypt SSL traffic by extracting the key from firmware. Impac...