Description
The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf
US Government Resource x_refsource_misc
http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01
Vendor Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf
Scores
EPSS
0.0090
EPSS Percentile
76.0%
Details
Status
published
Products (4)
siemens/simatic_s7-1500_cpu_firmware
1.0.1
siemens/simatic_s7-1500_cpu_firmware
1.1.0
siemens/simatic_s7-1500_cpu_firmware
1.1.1
siemens/simatic_s7-1500_cpu_firmware
< 1.1.2
Published
Mar 16, 2014
Tracked Since
Feb 18, 2026