Published: 23/12/2016 Updated: 09/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (All firmware versions < V6.00.046) use a pseudo random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote malicious users to reconstruct the corresponding private key.

Vulnerable Product	Search on Vulmon	Subscribe to Product
siemens desigo_web_module_pxa30-w0_firmware
siemens desigo_web_module_pxa30-w1_firmware
siemens desigo_web_module_pxa30-w2_firmware
siemens desigo_web_module_pxa40-w1_firmware
siemens desigo_web_module_pxa40-w0_firmware
siemens desigo_web_module_pxa40-w2_firmware

CWE-332 http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856492.pdf http://www.securityfocus.com/bid/94962 https://ics-cert.us-cert.gov/advisories/ICSA-16-355-01 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-9154

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect