CVE-2014-2251

3 documents3 sources

Severity

8.3HIGH

EPSS

0.9%

top 24.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic S7-1500 CPU Firmware

Timeline

PublishedMar 16

Latest updateMay 13

Description

The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:CExploitability: 8.6 | Impact: 8.5

Affected Packages1 packages

▶NVDsiemens/simatic_s7-1500_cpu_firmware1.1.2+3

Patches

Patch: www.siemens.com ↗Patch: www.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-gc2g-5cgv-c5vh: The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1↗2022-05-13

▶

CVEList

CVE-2014-2251: The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1↗2014-03-16

▶