VAR-201612-0415
Vulnerability from variot - Updated: 2023-12-18 13:09
Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (all firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (all firmware versions < V6.00.046) use a pseudo-random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key. The Siemens Desigo PX programmable automation station is part of a building automation system; it provides a flexible solution that can issue alarm signals, run time-based logging procedures and trends, and can be modified or expanded at any time. Remote attackers can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information, which may aid further attacks and could allow the attacker to gain unauthorized access to the system. Because the weakness lies in how the key pair was generated, a certificate created on affected firmware stays weak until it is regenerated; see the vendor advisory (SSA-856492) for the remediation steps. PXA40-W0 etc. are the room operation unit modules. The following modules are affected: PXA40-W0, PXA40-W1, PXA40-W2 for the Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D; PXA30-W0, PXA30-W1, PXA30-W2 for the Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201612-0415",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "desigo web module pxa30-w0",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.00"
},
{
"model": "desigo web module pxa40-w0",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.00"
},
{
"model": "desigo web module pxa40-w1",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.00"
},
{
"model": "desigo web module pxa30-w2",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.00"
},
{
"model": "desigo web module pxa40-w2",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.00"
},
{
"model": "desigo web module pxa30-w1",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.00"
},
{
"model": "desigo px pxa30-w0",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "desigo px pxa30-w0",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "desigo px pxa30-w1",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "desigo px pxa30-w1",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "desigo px pxa30-w2",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "desigo px pxa30-w2",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "desigo px pxa40-w0",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "desigo px pxa40-w0",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "desigo px pxa40-w1",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "desigo px pxa40-w1",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "desigo px pxa40-w2",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "desigo px pxa40-w2",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "pxa40-w0 for pxc00-e.d",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "pxa40-w1 for pxc00-e.d",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "pxa40-w2 for pxc00-e.d",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "pxa40-w0 for pxc50-e.d",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "pxa40-w1 for pxc50-e.d",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "pxa40-w2 for pxc50-e.d",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "pxa40-w0 for pxc100-e.d",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "pxa40-w1 for pxc100-e.d",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "pxa40-w2 for pxc100-e.d",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "pxa40-w0 for pxc200-e.d",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "pxa40-w1 for pxc200-e.d",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "pxa40-w2 for pxc200-e.d",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "pxa30-w0 for pxc00-u",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "pxa30-w1 for pxc00-u",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "pxa30-w2 for pxc00-u",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "pxa30-w0 for pxc64-u",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "pxa30-w1 for pxc64-u",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "pxa30-w2 for pxc64-u",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "pxa30-w0 for pxc128-u",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "pxa30-w1 for pxc128-u",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "pxa30-w2 for pxc128-u",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.046"
},
{
"model": "desigo web module pxa40-w0",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.00"
},
{
"model": "desigo web module pxa40-w1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.00"
},
{
"model": "desigo web module pxa30-w1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.00"
},
{
"model": "desigo web module pxa40-w2",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.00"
},
{
"model": "desigo web module pxa30-w2",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.00"
},
{
"model": "desigo web module pxa30-w0",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "6.00.00"
},
{
"model": "desigo px pxa40-w2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "desigo px pxa40-w1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "desigo px pxa40-w0",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "desigo px pxa30-w2px",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "desigo px pxa30-w1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "desigo px pxa30-w0",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "desigo px pxa40-w2",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "6.0.46"
},
{
"model": "desigo px pxa40-w1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "6.0.46"
},
{
"model": "desigo px pxa40-w0",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "6.0.46"
},
{
"model": "desigo px pxa30-w2px",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "6.0.46"
},
{
"model": "desigo px pxa30-w1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "6.0.46"
},
{
"model": "desigo px pxa30-w0",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "6.0.46"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12572"
},
{
"db": "BID",
"id": "94962"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006497"
},
{
"db": "NVD",
"id": "CVE-2016-9154"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-580"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:desigo_web_module_pxa30-w0_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.00.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:desigo_web_module_pxa30-w1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.00.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:desigo_web_module_pxa30-w2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.00.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:desigo_web_module_pxa40-w1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.00.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:desigo_web_module_pxa40-w0_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.00.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:desigo_web_module_pxa40-w2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.00.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:desigo_web_module_pxa40-w1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:desigo_web_module_pxa30-w0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:desigo_web_module_pxa30-w1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:desigo_web_module_pxa30-w2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:desigo_web_module_pxa40-w0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:desigo_web_module_pxa40-w2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9154"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marcella Hastings, Joshua Fried and Nadia Heninger from the University of\nPennsylvania",
"sources": [
{
"db": "BID",
"id": "94962"
}
],
"trust": 0.3
},
"cve": "CVE-2016-9154",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-9154",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2016-12572",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-97974",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-9154",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-9154",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-12572",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-580",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-97974",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12572"
},
{
"db": "VULHUB",
"id": "VHN-97974"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006497"
},
{
"db": "NVD",
"id": "CVE-2016-9154"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-580"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions \u003c V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (All firmware versions \u003c V6.00.046) use a pseudo random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key. The SIEMENS building automation system Desigo PX programmable automation station provides a flexible solution that can issue alarm signals, time-based logging procedures and trends, and can be modified or expanded at any time. \nRemote attackers can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. This aids in other attacks. This could allow the attacker to gain unauthorized access to the system. PXA40-W0 etc. are the room operation unit modules. The following modules are affected: PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX Automation Controllers, PXC00-ED, PXC50-ED, PXC100-ED, PXC200-ED System Controllers; PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automatic controller, PXC00-U, PXC64-U, PXC128-U system controller",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9154"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006497"
},
{
"db": "CNVD",
"id": "CNVD-2016-12572"
},
{
"db": "BID",
"id": "94962"
},
{
"db": "VULHUB",
"id": "VHN-97974"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-9154",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-16-355-01",
"trust": 2.8
},
{
"db": "SIEMENS",
"id": "SSA-856492",
"trust": 2.6
},
{
"db": "BID",
"id": "94962",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006497",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-580",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-12572",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-97974",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12572"
},
{
"db": "VULHUB",
"id": "VHN-97974"
},
{
"db": "BID",
"id": "94962"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006497"
},
{
"db": "NVD",
"id": "CVE-2016-9154"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-580"
}
]
},
"id": "VAR-201612-0415",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12572"
},
{
"db": "VULHUB",
"id": "VHN-97974"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12572"
}
]
},
"last_update_date": "2023-12-18T13:09:00.388000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-856492",
"trust": 0.8,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856492.pdf"
},
{
"title": "Patch for SIEMENS Desigo PX Web module pseudo-random number generation has insufficient entropy vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/86124"
},
{
"title": "Desigo PX Web Modules Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66607"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12572"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006497"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-580"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-332",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97974"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006497"
},
{
"db": "NVD",
"id": "CVE-2016-9154"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-355-01"
},
{
"trust": 2.6,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856492.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94962"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9154"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9154"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12572"
},
{
"db": "VULHUB",
"id": "VHN-97974"
},
{
"db": "BID",
"id": "94962"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006497"
},
{
"db": "NVD",
"id": "CVE-2016-9154"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-580"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-12572"
},
{
"db": "VULHUB",
"id": "VHN-97974"
},
{
"db": "BID",
"id": "94962"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006497"
},
{
"db": "NVD",
"id": "CVE-2016-9154"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-580"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12572"
},
{
"date": "2016-12-23T00:00:00",
"db": "VULHUB",
"id": "VHN-97974"
},
{
"date": "2016-12-19T00:00:00",
"db": "BID",
"id": "94962"
},
{
"date": "2017-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006497"
},
{
"date": "2016-12-23T05:59:00.593000",
"db": "NVD",
"id": "CVE-2016-9154"
},
{
"date": "2016-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-580"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12572"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-97974"
},
{
"date": "2017-01-12T00:03:00",
"db": "BID",
"id": "94962"
},
{
"date": "2017-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006497"
},
{
"date": "2019-10-09T23:20:20.100000",
"db": "NVD",
"id": "CVE-2016-9154"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-580"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-580"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens Desigo PX For automation controllers Desigo PX Web Vulnerability of reconfiguring corresponding private key in module",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006497"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-580"
}
],
"trust": 0.6
}
}