CVE-2014-2251
Summary
| CVE | CVE-2014-2251 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-03-16 14:06:00 UTC |
| Updated | 2020-02-10 15:15:00 UTC |
| Description | The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Siemens | Simatic S7-1500 Cpu Firmware | 1.0.1 | All | All | All |
| Operating System | Siemens | Simatic S7-1500 Cpu Firmware | 1.1.0 | All | All | All |
| Operating System | Siemens | Simatic S7-1500 Cpu Firmware | 1.1.1 | All | All | All |
| Operating System | Siemens | Simatic S7-1500 Cpu Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Siemens | CONFIRM | www.siemens.com | Patch, Vendor Advisory |
| Siemens SIMATIC S7-1500 CPU Firmware Vulnerabilities \| ICS-CERT | MISC | ics-cert.us-cert.gov | US Government Resource |
| cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf | CONFIRM | cert-portal.siemens.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 591118 Siemens SIMATIC S7-1500 CPU family Multiple Vulnerabilities (ICSA-14-073-01,SSA-456423)