Marcella Hastings

**Name of the Vulnerable Software and Affected Versions** Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D versions prior to V6.00.046 Siemens Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U versions prior to V6.00.046 **Description** The issue is related to the use of a pseudo random number generator with insufficient entropy to generate certificates for HTTPS. This could potentially allow remote attackers to reconstruct the corresponding private key. **Recommendations** For versions prior to V6.00.046, update the firmware to version V6.00.046 or later to address the issue. As a temporary workaround, consider restricting access to the HTTPS interface until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 **Description** The issue concerns the generation of self-signed certificates in certain Huawei devices. These devices use random numbers with insufficient entropy, making it easier for remote attackers to discover private keys by leveraging knowledge of a certificate. This could potentially allow an attacker to compromise the certificates, as different devices' certificates may use the same random number. **Recommendations** For Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500, update to V200R008C00SPC500 or later to resolve the issue. As a temporary workaround, consider restricting access to self-signed certificates until a patch is available. Avoid using self-signed certificates in sensitive environments until the issue is resolved.