Vulnerability in Siemens Simatic_s7_cpu_1200_firmware

CVE-2014-2250

The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.022 (84.9th percentile) — read the EPSS interpretation.

Affected products

Siemens Simatic_s7_cpu_1200_firmware — versions 3.0
Siemens Simatic_s7_cpu-1211c
Siemens Simatic_s7_cpu_1212c
Siemens Simatic_s7_cpu_1214c
Siemens Simatic_s7_cpu_1215c
Siemens Simatic_s7_cpu_1217c
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (US Government Resource, x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM)