Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2250

Overview

Vulnerability Score 8.3 8.3
CVE Id CVE-2014-2250
Last Modified 24 Mar 2014 11:47:18
Published 24 Mar 2014 10:20:39
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2250

Summary

The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251.

Vulnerable Systems

Operating System

  • Siemens Simatic S7 Cpu 1200 Firmware 3.0

  • Siemens Simatic S7 Cpu 1200 Firmware 3.0.2


References

MISC - http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02

CONFIRM - http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf


Last Updated: 27 May 2016 11:04:45