PT-2016-7670 · Siemens · Desigo Px+1

Joshua Fried +2 · Published 2016-12-23 · Updated 2019-10-09 · CVE-2016-9154

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D versions prior to V6.00.046

Siemens Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U versions prior to V6.00.046

Description

The affected Web modules use a pseudo-random number generator with insufficient entropy to generate certificates for HTTPS. This could allow remote attackers to reconstruct the corresponding private key.

Recommendations

For versions prior to V6.00.046, update the firmware to version V6.00.046 or later to address the issue. As a temporary workaround, consider restricting access to the HTTPS interface until the update is applied.

Fix

Weakness Enumeration

Related identifiers

CVE-2016-9154

Affected products

Desigo Px
Desigo Px Web