CVE-2016-9154

Published: 23/12/2016 Updated: 09/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (All firmware versions < V6.00.046) use a pseudo random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote malicious users to reconstruct the corresponding private key.

Vulnerable Product	Search on Vulmon	Subscribe to Product
siemens desigo web module pxa30-w0 firmware
siemens desigo web module pxa30-w1 firmware
siemens desigo web module pxa30-w2 firmware
siemens desigo web module pxa40-w0 firmware
siemens desigo web module pxa40-w1 firmware
siemens desigo web module pxa40-w2 firmware

CWE-332 http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856492.pdf http://www.securityfocus.com/bid/94962 https://ics-cert.us-cert.gov/advisories/ICSA-16-355-01 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-9154

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect