PT-2014-1003 · Siemens · Simatic S7-1200 Cpu

Publicado

2014-03-20

Atualizado

2020-02-10

CVE-2014-2250

CVSS v2.0

8.3

Alta

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions Siemens SIMATIC S7-1200 CPU PLC devices with firmware prior to 4.0

Description The issue concerns a problem with the random-number generator in the authentication handler of the web server, which lacks sufficient entropy. This makes it easier for remote attackers to defeat cryptographic protection mechanisms. As a result, attackers can hijack sessions.

Recommendations For Siemens SIMATIC S7-1200 CPU PLC devices with firmware prior to 4.0, update the firmware to version 4.0 or later to resolve the issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-331CWE-310

Identificadores relacionados

BDU:2014-00022

CVE-2014-2250

Produtos afetados

Simatic S7-1200 Cpu

PT-2014-1003 · Siemens · Simatic S7-1200 Cpu

CVE-2014-2250

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5