Vulnerability Description
The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Simatic S7 Cpu 1200 Firmware | <= 3.0.2 |
| Siemens | Simatic S7 Cpu-1211C | - |
| Siemens | Simatic S7 Cpu 1212C | - |
| Siemens | Simatic S7 Cpu 1214C | - |
| Siemens | Simatic S7 Cpu 1215C | - |
| Siemens | Simatic S7 Cpu 1217C | - |
Related Weaknesses (CWE)
References
- http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02US Government Resource
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_adviVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf
- http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02US Government Resource
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_adviVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf
FAQ
What is CVE-2014-2250?
CVE-2014-2250 is a vulnerability with a CVSS score of 8.3 (HIGH). The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic pro...
How severe is CVE-2014-2250?
CVE-2014-2250 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-2250?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic S7 Cpu 1200 Firmware, Siemens Simatic S7 Cpu-1211C, Siemens Simatic S7 Cpu 1212C, Siemens Simatic S7 Cpu 1214C, Siemens Simatic S7 Cpu 1215C.