Skip to main content

CWE-343

Predictable Value Range from Previous Values

4 CVEs Avg CVSS 7.0 MITRE
0
CRITICAL
1
HIGH
3
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2026-32694 Go MEDIUM PATCH This Month

A predictable secret identifier (XID) vulnerability in Juju versions 3.0.0 through 3.6.18 allows a malicious grantee to enumerate and predict previously granted secrets owned by the same administrator, enabling unauthorized access to resources intended for other applications. An attacker with high privileges and control over at least one deployed application can exploit this to obtain credentials or configuration data from past secret grants, resulting in information disclosure and potential privilege escalation. While the CVSS score is moderate at 6.6 and exploitation requires specific configuration and high privileges, the fundamental weakness in secret ownership verification represents a significant trust boundary violation in Juju's secret management architecture.

Information Disclosure Debian Juju Suse
NVD GitHub VulDB
CVSS 3.1
6.6
EPSS
0.0%
CVE-2017-7901 HIGH PATCH This Week

A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Rockwell 1763 L16Awa Series A 1763 L16Awa Series B 1763 L16Bbb Series A +17
NVD
CVSS 3.0
8.6
EPSS
0.1%
CVE-2017-6030 MEDIUM This Month

A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure
NVD VulDB GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2014-5409 MEDIUM This Month

The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hydran M2
NVD GitHub
CVSS 2.0
6.4
EPSS
2.3%
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

A predictable secret identifier (XID) vulnerability in Juju versions 3.0.0 through 3.6.18 allows a malicious grantee to enumerate and predict previously granted secrets owned by the same administrator, enabling unauthorized access to resources intended for other applications. An attacker with high privileges and control over at least one deployed application can exploit this to obtain credentials or configuration data from past secret grants, resulting in information disclosure and potential privilege escalation. While the CVSS score is moderate at 6.6 and exploitation requires specific configuration and high privileges, the fundamental weakness in secret ownership verification represents a significant trust boundary violation in Juju's secret management architecture.

Information Disclosure Debian Juju +1
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Rockwell 1763 L16Awa Series A +19
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure
NVD VulDB GitHub
EPSS 2% CVSS 6.4
MEDIUM This Month

The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hydran M2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy