{"api_version":"1","generated_at":"2026-04-23T16:05:37+00:00","cve":"CVE-2014-2250","urls":{"html":"https://cve.report/CVE-2014-2250","api":"https://cve.report/api/cve/CVE-2014-2250.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-2250","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-2250"},"summary":{"title":"CVE-2014-2250","description":"The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2014-03-24 14:20:00","updated_at":"2020-02-10 15:15:00"},"problem_types":["CWE-310"],"metrics":[],"references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf","refsource":"CONFIRM","tags":[],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"200"},{"url":"http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02","name":"http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02","refsource":"MISC","tags":["US Government Resource"],"title":"Siemens SIMATIC S7-1200 Vulnerabilities | ICS-CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf","name":"http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Siemens","mime":"application/pdf","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-2250","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2250","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"2250","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"siemens","cpe5":"simatic_s7_cpu-1211c","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"2250","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"siemens","cpe5":"simatic_s7_cpu-1211c","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"2250","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"siemens","cpe5":"simatic_s7_cpu_1200_firmware","cpe6":"3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"2250","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"siemens","cpe5":"simatic_s7_cpu_1200_firmware","cpe6":"3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"2250","vulnerable":"1","versionEndIncluding":"3.0.2","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"siemens","cpe5":"simatic_s7_cpu_1200_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"2250","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"siemens","cpe5":"simatic_s7_cpu_1212c","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"2250","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"siemens","cpe5":"simatic_s7_cpu_1212c","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"2250","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"siemens","cpe5":"simatic_s7_cpu_1214c","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"2250","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"siemens","cpe5":"simatic_s7_cpu_1214c","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"2250","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"siemens","cpe5":"simatic_s7_cpu_1215c","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"2250","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"siemens","cpe5":"simatic_s7_cpu_1215c","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"2250","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"siemens","cpe5":"simatic_s7_cpu_1217c","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"2250","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"siemens","cpe5":"simatic_s7_cpu_1217c","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2014-2250","qid":"591110","title":"Siemens SIMATIC S7-1200 Multiple Vulnerabilities (ICSA-14-079-02, SSA-654382)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2014-2250","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf","refsource":"CONFIRM","url":"http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"},{"name":"http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02","refsource":"MISC","url":"http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"},{"refsource":"CONFIRM","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"}]}},"nvd":{"publishedDate":"2014-03-24 14:20:00","lastModifiedDate":"2020-02-10 15:15:00","problem_types":["CWE-310"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:C","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"COMPLETE","baseScore":8.3},"severity":"HIGH","exploitabilityScore":8.6,"impactScore":8.5,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:3.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:siemens:simatic_s7_cpu-1211c:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:siemens:simatic_s7_cpu_1212c:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:siemens:simatic_s7_cpu_1214c:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:siemens:simatic_s7_cpu_1215c:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:siemens:simatic_s7_cpu_1217c:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"2250","Ordinal":"69136","Title":"CVE-2014-2250","CVE":"CVE-2014-2250","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"2250","Ordinal":"1","NoteData":"The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"2250","Ordinal":"2","NoteData":"2014-03-21","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"2250","Ordinal":"3","NoteData":"2020-02-10","Type":"Other","Title":"Modified"}]}}}