CVEbaza.plSłownik CWECWE-342
Common Weakness Enumeration

CWE-342

Predictable Exact Value from Previous Values

Kategoria: BaseCVE: 6
Opis

Dokładna wartość lub liczba losowa może być precyzyjnie przewidziana poprzez obserwację poprzednich wartości. Podatność ta powstaje, gdy algorytm generujący wartości nie zapewnia wystarczającej losowości lub nieprzewidywalności.

Description (EN)

An exact value or random number can be precisely predicted by observing previous values.

Podatności CVE z CWE-342 (6)
9.8
CVSS
CRITICAL
CVE-2020-16226

Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands.

pub. 2020-10-05
9.1
CVSS
CRITICAL
CVE-2022-27577

The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version.

pub. 2022-04-11
8.7
CVSS
HIGH
CVE-2022-29930

SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1.

pub. 2022-05-12
7.6
CVSS
HIGH
CVE-2014-9196

Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

pub. 2015-07-20
6.5
CVSS
MEDIUM
CVE-2020-28388

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones.

pub. 2021-02-09
5.9
CVSS
MEDIUM
CVE-2023-3373

Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it.

pub. 2023-08-04
Informacje
ID: CWE-342
Typ: Base
Podatności: 6
MITRE CWE ↗
← Słownik CWE