CVE-2014-2251
First published: Sun Mar 16 2014(Updated: )
The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Simatic S7-1500 Cpu Firmware | <=1.1.2 | |
| Siemens Simatic S7-1500 Cpu Firmware | =1.0.1 | |
| Siemens Simatic S7-1500 Cpu Firmware | =1.1.0 | |
| Siemens Simatic S7-1500 Cpu Firmware | =1.1.1 |
Remedy
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/tags
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/siemens
- canonical/siemens simatic s7-1500 cpu firmware
- version/siemens simatic s7-1500 cpu firmware/1.1.2
- version/siemens simatic s7-1500 cpu firmware/1.0.1
- version/siemens simatic s7-1500 cpu firmware/1.1.0
- version/siemens simatic s7-1500 cpu firmware/1.1.1