CVE-2016-9154

Siemens Desigo PX Web modules (PXA40-W0/W1/W2; PXA30-W0/W1/W2 for PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D, PXC00-U, PXC64-U, PXC128-U) are affected by CVE-2016-9154. The root cause is a pseudo-random number generator with insufficient entropy used to generate HTTPS certificates, enabling a r...

Siemens Patches Insufficient Entropy Vulnerability in ICS Systems

German industrial giant Siemens has provided a firmware update addressing vulnerabilities that are found in a popular line of its Desigo PX industrial control hardware used in controlling primarily HVAC systems in commercial buildings . On Wednesday, Siemens, in coordination with ICS-CERT, issued...