CVE-2016-9154

CVE-2016-9154

Vendor N/A
Product Desigo PX Web modules with all firmware versions < V6.00.046
Weakness CWE-332
Published December 23, 2016
Last update August 6, 2024

CVSS base score

What the vulnerability does

01Description

Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (All firmware versions < V6.00.046) use a pseudo random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key.

Key dates

02Disclosure timeline

December 23, 2016 CVE published
August 6, 2024 Record updated