Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2014-2250
HistoryMar 24, 2014 - 2:20 p.m.

CVE-2014-2250

2014-03-2414:20:39
CWE-310
mitre
web.nvd.nist.gov
36
siemens
simatic s7-1200
cpu
plc
firmware
cve-2014-2250
vulnerability
hijack sessions
cryptographic protection
remote attackers
nvd.

CVSS2

8.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:P/I:P/A:C

AI Score

6.7

Confidence

Low

EPSS

0.006

Percentile

77.7%

JSON

The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251.

Affected configurations

Nvd
Node
siemenssimatic_s7_cpu_1200_firmwareRange≀3.0.2
OR
siemenssimatic_s7_cpu_1200_firmwareMatch3.0
AND
siemenssimatic_s7_cpu-1211cMatch-
OR
siemenssimatic_s7_cpu_1212cMatch-
OR
siemenssimatic_s7_cpu_1214cMatch-
OR
siemenssimatic_s7_cpu_1215cMatch-
OR
siemenssimatic_s7_cpu_1217cMatch-
VendorProductVersionCPE
siemenssimatic_s7_cpu_1200_firmware*cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:*:*:*:*:*:*:*:*
siemenssimatic_s7_cpu_1200_firmware3.0cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:3.0:*:*:*:*:*:*:*
siemenssimatic_s7_cpu-1211c-cpe:2.3:h:siemens:simatic_s7_cpu-1211c:-:*:*:*:*:*:*:*
siemenssimatic_s7_cpu_1212c-cpe:2.3:h:siemens:simatic_s7_cpu_1212c:-:*:*:*:*:*:*:*
siemenssimatic_s7_cpu_1214c-cpe:2.3:h:siemens:simatic_s7_cpu_1214c:-:*:*:*:*:*:*:*
siemenssimatic_s7_cpu_1215c-cpe:2.3:h:siemens:simatic_s7_cpu_1215c:-:*:*:*:*:*:*:*
siemenssimatic_s7_cpu_1217c-cpe:2.3:h:siemens:simatic_s7_cpu_1217c:-:*:*:*:*:*:*:*

Related

nvd 2
prion 2
nessus 5
cvelist 2
ptsecurity 2
cve 1
seebug 1
ics 2
nvd
nvd
CVE-2014-2250
2014-03-24 14:20:39
CVE-2014-2251
2014-03-16 14:06:45
prion
prion
Code injection
2014-03-24 14:20:00
Code injection
2014-03-16 14:06:00
nessus
nessus
Siemens SIMATIC S7-1200 Insufficient Entropy in PRNG (CVE-2014-2250)
2022-02-07 00:00:00
Siemens Simatic Unspecified Vulnerability
2019-11-08 00:00:00
Siemens SIMATIC S7-1200 PLCs < 4.0 Random Number Generator Insufficient Entropy
2019-05-08 00:00:00
cvelist
cvelist
CVE-2014-2250
2014-03-22 01:00:00
CVE-2014-2251
2014-03-16 10:00:00
ptsecurity
ptsecurity
PT-2013-87: Insuffient Entropy in Siemens SIMATIC S7-1200 CPU PLC
2013-05-08 00:00:00
PT-2013-84: Insuffient Entropy in Siemens SIMATIC S7-1500 CPU PLC
2013-05-08 00:00:00
cve
cve
CVE-2014-2251
2014-03-16 14:06:45
seebug
seebug
Siemens SIMATIC S7-1200倚δΈͺ漏洞
2014-03-21 00:00:00
ics
ics
Siemens SIMATIC S7-1200 Vulnerabilities
2018-08-23 12:00:00
Siemens SIMATIC S7-1500 CPU Firmware Vulnerabilities
2018-09-06 12:00:00

CVSS2

8.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:P/I:P/A:C

AI Score

6.7

Confidence

Low

EPSS

0.006

Percentile

77.7%

JSON
Related for CVE-2014-2250
nvd2prion2nessus5cvelist2ptsecurity2cve1seebug1ics2