CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:P/I:P/A:C
AI Score
Confidence
Low
EPSS
Percentile
77.7%
The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251.
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(500169);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/04");
script_cve_id("CVE-2014-2250");
script_xref(name:"ICSA", value:"14-079-02");
script_name(english:"Siemens SIMATIC S7-1200 Insufficient Entropy in PRNG (CVE-2014-2250)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient
entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions
via unspecified vectors, a different vulnerability than CVE-2014-2251.
This plugin only works with Tenable.ot. Please
visit https://www.tenable.com/products/tenable-ot for more information.");
# http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?919f964f");
script_set_attribute(attribute:"see_also", value:"http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-2250");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(310);
script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/24");
script_set_attribute(attribute:"patch_publication_date", value:"2014/03/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7_cpu_1200_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:simatic_s7_cpu_1200_firmware" :
{"versionEndIncluding" : "3.0.2", "family" : "S71200"},
"cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0" :
{"versionEndIncluding" : "3.0", "versionStartIncluding" : "3.0", "family" : "S71200"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);