Description
The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf
US Government Resource x_refsource_misc
http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02
Vendor Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf
Scores
EPSS
0.0225
EPSS Percentile
84.8%
Details
CWE
CWE-310
Status
published
Products (7)
siemens/simatic_s7_cpu-1211c
siemens/simatic_s7_cpu_1200_firmware
3.0
siemens/simatic_s7_cpu_1200_firmware
< 3.0.2
siemens/simatic_s7_cpu_1212c
siemens/simatic_s7_cpu_1214c
siemens/simatic_s7_cpu_1215c
siemens/simatic_s7_cpu_1217c
Published
Mar 24, 2014
Tracked Since
Feb 18, 2026