Insufficient Entropy in Siemens SIMATIC S7-1200 CPU PLC Devices
CVE-2014-2250

Currently unrated

Key Information:

Vendor: Siemens
Status: Simatic S7 Cpu 1200 Firmware; Simatic S7 Cpu-1211c; Simatic S7 Cpu 1212c; Simatic S7 Cpu 1214c
Vendor: CVE Published:; 24 March 2014

What is CVE-2014-2250?

The random-number generator in Siemens SIMATIC S7-1200 CPU PLC devices with firmware versions prior to 4.0 suffers from insufficient entropy. This flaw can be exploited by remote attackers to bypass cryptographic protections, potentially enabling session hijacking and other malicious activities through unspecified attack vectors. This vulnerability is distinct from similar issues, emphasizing the need for updated firmware to mitigate risks.

References

http://www.siemens.com/innovation/pool/de/forschungsfelde...

x_refsource_CONFIRM

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02

x_refsource_MISC

https://cert-portal.siemens.com/productcert/pdf/ssa-65438...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 24, 2014
Vulnerability Reserved
Feb 28, 2014