Details of VAR-201403-0311

ID

VAR-201403-0311

CVE

CVE-2014-2250

TITLE

Siemens SIMATIC S7-1200 CPU PLC Vulnerability that breaks cryptographic protection mechanism in random number generation of devices

Trust: 0.8

sources: JVNDB: JVNDB-2014-001768

DESCRIPTION

The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251. This vulnerability CVE-2014-2251 Is a different vulnerability.A third party could break the cryptographic protection mechanism and hijack the session. The SIMATIC S7-1200 is a programmable controller for simple but highly precise automation tasks. The Siemens SIMATIC S7-1200 sends a specially crafted packet to TCP port 443, causing an attacker to exploit the vulnerability to put the device into defect mode. Siemens SIMATIC S7-1200 is prone to an entropy weakness. Exploiting this issue can allow attackers to hijack another user's session and gain unauthorized access to the victim's account on the affected application. Versions prior to SIMATIC S7-1200 4.0 are vulnerable. Siemens SIMATIC S7-1200 CPU PLC is a programmable logic controller (PLC) used in small and medium-sized automation systems developed by Siemens in Germany. The vulnerability is caused by the random number generator not having sufficient entropy

Trust: 2.88

sources: NVD: CVE-2014-2250 // JVNDB: JVNDB-2014-001768 // CNVD: CNVD-2014-01910 // BID: 66346 // IVD: 210f5144-2352-11e6-abef-000c29c66e3d // IVD: c7c4e180-1ee2-11e6-abef-000c29c66e3d // VULHUB: VHN-70189

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 210f5144-2352-11e6-abef-000c29c66e3d // IVD: c7c4e180-1ee2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01910

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic s7 cpu 1200	scope:	eq	version:	3.0	Trust: 1.6
vendor:	siemens	model:	simatic s7-1200	scope:	eq	version:	3.x	Trust: 1.0
vendor:	siemens	model:	simatic s7 cpu 1200	scope:	lte	version:	3.0.2	Trust: 1.0
vendor:	siemens	model:	simatic s7 cpu 1215c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic s7 cpu 1217c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic s7 cpu 1212c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic s7 cpu-1211c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic s7 cpu 1214c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1211c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu 1212c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu 1214c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu 1215c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu 1217c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu	scope:	lt	version:	4.0	Trust: 0.8
vendor:	siemens	model:	simatic s7 cpu 1200	scope:	eq	version:	3.0.2	Trust: 0.6
vendor:	siemens	model:	simatic s7-1200	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	siemens	model:	simatic s7-1200	scope:	eq	version:	3.0.0	Trust: 0.3
vendor:	siemens	model:	simatic s7-1200	scope:	eq	version:	3.0	Trust: 0.3
vendor:	siemens	model:	simatic s7-1200	scope:	ne	version:	4.0	Trust: 0.3

sources: IVD: 210f5144-2352-11e6-abef-000c29c66e3d // IVD: c7c4e180-1ee2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01910 // BID: 66346 // JVNDB: JVNDB-2014-001768 // CNNVD: CNNVD-201403-414 // NVD: CVE-2014-2250

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2250
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2250
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-01910
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201403-414
value:	HIGH
Trust: 0.6
IVD:	210f5144-2352-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
IVD:	c7c4e180-1ee2-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-70189
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-2250
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-01910
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	210f5144-2352-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	c7c4e180-1ee2-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-70189
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 210f5144-2352-11e6-abef-000c29c66e3d // IVD: c7c4e180-1ee2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01910 // VULHUB: VHN-70189 // JVNDB: JVNDB-2014-001768 // CNNVD: CNNVD-201403-414 // NVD: CVE-2014-2250

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-70189 // JVNDB: JVNDB-2014-001768 // NVD: CVE-2014-2250

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-414

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201403-414

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001768

PATCH

title:	SSA-654382	url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf	Trust: 0.8
title:	Patch for Siemens SIMATIC S7-1200 Denial of Service Vulnerability (CNVD-2014-01910)	url:	https://www.cnvd.org.cn/patchInfo/show/72672	Trust: 0.6

sources: CNVD: CNVD-2014-01910 // JVNDB: JVNDB-2014-001768

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2250	Trust: 3.8
db:	ICS CERT	id:	ICSA-14-079-02	Trust: 2.8
db:	SIEMENS	id:	SSA-654382	Trust: 2.0
db:	CNNVD	id:	CNNVD-201403-414	Trust: 1.1
db:	CNVD	id:	CNVD-2014-01910	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-001768	Trust: 0.8
db:	SECUNIA	id:	57441	Trust: 0.6
db:	BID	id:	66346	Trust: 0.4
db:	IVD	id:	210F5144-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	C7C4E180-1EE2-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-70189	Trust: 0.1

sources: IVD: 210f5144-2352-11e6-abef-000c29c66e3d // IVD: c7c4e180-1ee2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01910 // VULHUB: VHN-70189 // BID: 66346 // JVNDB: JVNDB-2014-001768 // CNNVD: CNNVD-201403-414 // NVD: CVE-2014-2250

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-079-02	Trust: 2.8
url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf	Trust: 2.0
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2250	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2250	Trust: 0.8
url:	http://secunia.com/advisories/57441/	Trust: 0.6
url:	http://support.automation.siemens.com/ww/view/en/86567043	Trust: 0.3
url:	http://www.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2014-01910 // VULHUB: VHN-70189 // BID: 66346 // JVNDB: JVNDB-2014-001768 // CNNVD: CNNVD-201403-414 // NVD: CVE-2014-2250

CREDITS

Alexander Timorin, and Alexey Osipov from Positive Technologies.

Trust: 0.3

sources: BID: 66346

SOURCES

db:	IVD	id:	210f5144-2352-11e6-abef-000c29c66e3d
db:	IVD	id:	c7c4e180-1ee2-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-01910
db:	VULHUB	id:	VHN-70189
db:	BID	id:	66346
db:	JVNDB	id:	JVNDB-2014-001768
db:	CNNVD	id:	CNNVD-201403-414
db:	NVD	id:	CVE-2014-2250

LAST UPDATE DATE

2025-04-13T23:14:53.197000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-01910	date:	2016-03-15T00:00:00
db:	VULHUB	id:	VHN-70189	date:	2020-02-10T00:00:00
db:	BID	id:	66346	date:	2014-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2014-001768	date:	2014-03-25T00:00:00
db:	CNNVD	id:	CNNVD-201403-414	date:	2020-02-11T00:00:00
db:	NVD	id:	CVE-2014-2250	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	210f5144-2352-11e6-abef-000c29c66e3d	date:	2014-03-24T00:00:00
db:	IVD	id:	c7c4e180-1ee2-11e6-abef-000c29c66e3d	date:	2014-03-24T00:00:00
db:	CNVD	id:	CNVD-2014-01910	date:	2014-03-24T00:00:00
db:	VULHUB	id:	VHN-70189	date:	2014-03-24T00:00:00
db:	BID	id:	66346	date:	2014-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2014-001768	date:	2014-03-25T00:00:00
db:	CNNVD	id:	CNNVD-201403-414	date:	2014-03-25T00:00:00
db:	NVD	id:	CVE-2014-2250	date:	2014-03-24T14:20:39.557