ByteOS Network

Vulnerability Details :

CVE-2014-2250

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-22 Mar, 2014 | 01:00

Updated At-06 Aug, 2024 | 10:06

The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:22 Mar, 2014 | 01:00

Updated At:06 Aug, 2024 | 10:06

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf	x_refsource_CONFIRM
http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02	x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf	x_refsource_CONFIRM

Hyperlink: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf

Resource:

x_refsource_CONFIRM

Hyperlink: http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02

Resource:

x_refsource_MISC

Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf

Resource:

x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf	x_refsource_CONFIRM x_transferred
http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02	x_refsource_MISC x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf	x_refsource_CONFIRM x_transferred

Hyperlink: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf

Resource:

x_refsource_CONFIRM

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:24 Mar, 2014 | 14:20

Updated At:12 Apr, 2025 | 10:46

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	8.3	HIGH	AV:N/AC:M/Au:N/C:P/I:P/A:C

Type: Primary

Version: 2.0

Base score: 8.3

Base severity: HIGH

Vector:

AV:N/AC:M/Au:N/C:P/I:P/A:C

CPE Matches

Weaknesses

CWE ID	Type	Source
CWE-310	Primary	nvd@nist.gov

CWE ID: CWE-310

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02	cve@mitre.org	US Government Resource
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf	cve@mitre.org	Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf	cve@mitre.org	N/A
http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02	af854a3a-2127-422b-91ae-364da2661108	US Government Resource
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02

Source: cve@mitre.org

Resource:

US Government Resource

Hyperlink: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

US Government Resource

Hyperlink: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory

Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Similar CVEs

3Records found

CVE-2014-2251

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-8.3||HIGH

EPSS-0.90% / 74.75%

7 Day CHG~0.00%

Published-16 Mar, 2014 | 10:00

Updated-12 Apr, 2025 | 10:46

The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors.

Vendor-n/a Siemens AG

Product-simatic_s7-1500_cpu_firmware n/a

CVE-2013-6925

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-8.3||HIGH

EPSS-0.56% / 67.35%

7 Day CHG~0.00%

Published-17 Dec, 2013 | 02:00

Updated-11 Apr, 2025 | 00:51

The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value.

Vendor-n/a Siemens AG

Product-ruggedcom_rugged_operating_system n/a

CWE ID-CWE-330

Use of Insufficiently Random Values

CVE-2013-5709

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-8.3||HIGH

EPSS-2.18% / 83.67%

7 Day CHG~0.00%

Published-17 Sep, 2013 | 10:00

Updated-11 Apr, 2025 | 00:51

The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value.

Vendor-n/a Siemens AG

Product-scalance_x204irt scalance_x200-4p_irt scalance_xf-200 scalance_x202-2p_irt scalance_x202-2irt scalance_x-200rna scalance_x-200 scalance_x201-3p_irt scalance_x-200_series_firmware n/a

CVE-2014-2250

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs