Details of VAR-201403-0312

ID

VAR-201403-0312

CVE

CVE-2014-2251

TITLE

Siemens SIMATIC S7-1500 CPU PLC Vulnerability that breaks cryptographic protection mechanism in random number generation of devices

Trust: 0.8

sources: JVNDB: JVNDB-2014-001710

DESCRIPTION

The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-331: Insufficient Entropy ( Lack of entropy ) Has been identified. http://cwe.mitre.org/data/definitions/331.htmlA third party could break the cryptographic protection mechanism and hijack the session. Siemens SIMATIC is an automation software in a single engineering environment. The random number generator used by Siemens SIMATIC S7-1500 uses low entropy. The WEB server used by the S7-1500 PLC verifies that there is a security vulnerability in the verification of the random number, allowing the attacker to exploit the vulnerability to hijack the WEB session. Siemens SIMATIC S7-1500 is prone to an insufficient-entropy vulnerability. Remote attackers can exploit this issue to perform man-in-the-middle attacks and gains unauthorized access to the affected devices. This aids in other attacks. Versions prior to Siemens SIMATIC S7-1500 1.5.0 are vulnerable

Trust: 2.7

sources: NVD: CVE-2014-2251 // JVNDB: JVNDB-2014-001710 // CNVD: CNVD-2014-01720 // BID: 66195 // IVD: 25b452d0-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-70190

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 25b452d0-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01720

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic s7-1500 cpu	scope:	eq	version:	1.0.1	Trust: 1.6
vendor:	siemens	model:	simatic s7-1500 cpu	scope:	eq	version:	1.1.1	Trust: 1.6
vendor:	siemens	model:	simatic s7-1500 cpu	scope:	eq	version:	1.1.0	Trust: 1.6
vendor:	siemens	model:	simatic s7-1500 cpu	scope:	lte	version:	1.1.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu	scope:	lt	version:	1.5.0	Trust: 0.8
vendor:	siemens	model:	simatic s7-1500	scope:	eq	version:	1.x	Trust: 0.6
vendor:	siemens	model:	simatic s7-1500 cpu	scope:	eq	version:	1.1.2	Trust: 0.6
vendor:	simatic s7 1500 cpu	model:	-	scope:	eq	version:	1.0.1	Trust: 0.2
vendor:	simatic s7 1500 cpu	model:	-	scope:	eq	version:	1.1.0	Trust: 0.2
vendor:	simatic s7 1500 cpu	model:	-	scope:	eq	version:	1.1.1	Trust: 0.2
vendor:	simatic s7 1500 cpu	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 25b452d0-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01720 // JVNDB: JVNDB-2014-001710 // CNNVD: CNNVD-201403-327 // NVD: CVE-2014-2251

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2251
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2251
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-01720
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201403-327
value:	HIGH
Trust: 0.6
IVD:	25b452d0-2352-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-70190
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-2251
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-01720
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	25b452d0-2352-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-70190
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 25b452d0-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01720 // VULHUB: VHN-70190 // JVNDB: JVNDB-2014-001710 // CNNVD: CNNVD-201403-327 // NVD: CVE-2014-2251

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2014-001710 // NVD: CVE-2014-2251

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-327

TYPE

other

Trust: 0.8

sources: IVD: 25b452d0-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201403-327

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001710

PATCH

title:	SSA-456423	url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf	Trust: 0.8
title:	Siemens SIMATIC S7-1500 patch with insufficient entropy vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/44302	Trust: 0.6

sources: CNVD: CNVD-2014-01720 // JVNDB: JVNDB-2014-001710

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2251	Trust: 3.6
db:	ICS CERT	id:	ICSA-14-073-01	Trust: 2.5
db:	SIEMENS	id:	SSA-456423	Trust: 2.3
db:	BID	id:	66195	Trust: 1.0
db:	CNNVD	id:	CNNVD-201403-327	Trust: 0.9
db:	CNVD	id:	CNVD-2014-01720	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-001710	Trust: 0.8
db:	IVD	id:	25B452D0-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-70190	Trust: 0.1

sources: IVD: 25b452d0-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01720 // VULHUB: VHN-70190 // BID: 66195 // JVNDB: JVNDB-2014-001710 // CNNVD: CNNVD-201403-327 // NVD: CVE-2014-2251

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-073-01	Trust: 2.5
url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf	Trust: 2.3
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2251	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2251	Trust: 0.8
url:	http://subscriber.communications.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2014-01720 // VULHUB: VHN-70190 // BID: 66195 // JVNDB: JVNDB-2014-001710 // CNNVD: CNNVD-201403-327 // NVD: CVE-2014-2251

CREDITS

Dmitry Serebryannikov, Ilya Karpov, Alexey Osipov, Yury Goltsev, Alex Timorin, Alexey Osipov, and Ilya Karpov from Positive Technologies

Trust: 0.3

sources: BID: 66195

SOURCES

db:	IVD	id:	25b452d0-2352-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-01720
db:	VULHUB	id:	VHN-70190
db:	BID	id:	66195
db:	JVNDB	id:	JVNDB-2014-001710
db:	CNNVD	id:	CNNVD-201403-327
db:	NVD	id:	CVE-2014-2251

LAST UPDATE DATE

2024-11-23T21:45:19.445000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-01720	date:	2014-03-17T00:00:00
db:	VULHUB	id:	VHN-70190	date:	2020-02-10T00:00:00
db:	BID	id:	66195	date:	2014-03-19T01:13:00
db:	JVNDB	id:	JVNDB-2014-001710	date:	2014-03-18T00:00:00
db:	CNNVD	id:	CNNVD-201403-327	date:	2020-02-11T00:00:00
db:	NVD	id:	CVE-2014-2251	date:	2024-11-21T02:05:56.067

SOURCES RELEASE DATE

db:	IVD	id:	25b452d0-2352-11e6-abef-000c29c66e3d	date:	2014-03-17T00:00:00
db:	CNVD	id:	CNVD-2014-01720	date:	2014-03-17T00:00:00
db:	VULHUB	id:	VHN-70190	date:	2014-03-16T00:00:00
db:	BID	id:	66195	date:	2014-03-12T00:00:00
db:	JVNDB	id:	JVNDB-2014-001710	date:	2014-03-18T00:00:00
db:	CNNVD	id:	CNNVD-201403-327	date:	2014-03-19T00:00:00
db:	NVD	id:	CVE-2014-2251	date:	2014-03-16T14:06:45.867