Description
The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf
US Government Resource x_refsource_misc
http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01
Vendor Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf
Scores
EPSS
0.0274
EPSS Percentile
84.5%
Details
Status
published
Products (4)
siemens/simatic_s7-1500_cpu_firmware
1.0.1
siemens/simatic_s7-1500_cpu_firmware
1.1.0
siemens/simatic_s7-1500_cpu_firmware
1.1.1
siemens/simatic_s7-1500_cpu_firmware
< 1.1.2
Published
Mar 16, 2014
Tracked Since
Feb 18, 2026