Skip to main content

CWE-342

Predictable Exact Value from Previous Values

5 CVEs Avg CVSS 8.1 MITRE
3
CRITICAL
1
HIGH
1
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2023-3373 CRITICAL Act Now

Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gt21 Firmware Gs21 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2022-29930 MEDIUM PATCH This Month

SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ktor
NVD GitHub
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-27577 CRITICAL Act Now

The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Msc800 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2020-16226 CRITICAL Act Now

Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qj71Mes96 Firmware Qj71Ws96 Firmware Q06Ccpu V Firmware Q24Dhccpu V Firmware +91
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2014-9196 HIGH This Week

Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Proview
NVD
CVSS 2.0
7.6
EPSS
2.2%
EPSS 1% CVSS 9.1
CRITICAL Act Now

Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gt21 Firmware Gs21 Firmware
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ktor
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Msc800 Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qj71Mes96 Firmware Qj71Ws96 Firmware +93
NVD
EPSS 2% CVSS 7.6
HIGH This Week

Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Proview
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy