PT-2014-1003 · Siemens · Simatic S7-1200 Cpu

Published: 2014-03-20 · Updated: 2020-02-10 · CVE-2014-2250

CVSS v2.0: 8.3 (High)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions

Siemens SIMATIC S7-1200 CPU PLC devices with firmware prior to 4.0

Description

The random-number generator used by the authentication handler of the web server lacks sufficient entropy. This makes it easier for remote attackers to defeat cryptographic protection mechanisms. As a result, attackers can hijack sessions.

Recommendations

For Siemens SIMATIC S7-1200 CPU PLC devices with firmware prior to 4.0, update the firmware to version 4.0 or later to resolve the issue.


Weakness Enumeration

Related Identifiers

BDU:2014-00022
CVE-2014-2250

Affected Products

Simatic S7-1200 Cpu