Inadequate Random Number Generation in Siemens SIMATIC S7-1500 CPU PLC
CVE-2014-2251

Currently unrated

Key Information:

Vendor: Siemens
Status: Simatic S7-1500 Cpu Firmware
Vendor: CVE Published:; 16 March 2014

Summary

The random-number generator used in Siemens SIMATIC S7-1500 CPU PLC devices prior to firmware version 1.5.0 exhibits insufficient entropy. This vulnerability compromises the cryptographic protections, allowing remote attackers to potentially hijack sessions and exploit the system via unknown methods. Ensuring that devices are updated to the latest firmware version is crucial for maintaining security.

References

http://www.siemens.com/innovation/pool/de/forschungsfelde...

x_refsource_CONFIRM

http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01

x_refsource_MISC

https://cert-portal.siemens.com/productcert/pdf/ssa-45642...

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 16, 2014
Vulnerability Reserved
Feb 28, 2014