CVE-2014-5419

N/A Unknown
Published: January 17, 2015 Modified: November 05, 2025
View on NVD

Description

GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the cleartext content of network traffic by reading this key from a firmware image and then sniffing the network.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf
Source: ics-cert@hq.dhs.gov
Vendor Advisory
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-013-04a.json
Source: ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-15-013-04a
Source: ics-cert@hq.dhs.gov
http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-15-013-04
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory US Government Resource

5 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
1.4%
80th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-321 CWE-310

Affected Vendors

ge

Related CVEs

CVE-2025-52691 10.0
CVE-2025-15168 7.3
CVE-2025-15167 7.3
CVE-2025-15166 7.3
CVE-2025-15165 7.3