Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (All firmware versions < V6.00.046) use a pseudo random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key.
CVSS Information
N/A
Vulnerability Type
PRNG中信息熵不充分
Vulnerability Title
Desigo PX Web Modules 安全漏洞
Vulnerability Description
Siemens Desigo PX Web是德国西门子(Siemens)公司的一套楼宇自动化监控系统。PXA40-W0等都是其中的房间操作单元模块。 使用V6.00.046之前版本固件的Siemens Desigo PX Web多个模块中存在安全漏洞,该漏洞源于程序使用伪随机数字生成器来生成HTTPS证书。远程攻击者可利用该漏洞重建相应的私钥。以下模块受到影响: PXA40-W0, PXA40-W1,PXA40-W2 for Desigo PX自动控制器,PXC00-E.D,PXC50-E.D,PXC10
CVSS Information
N/A
Vulnerability Type
N/A