{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T13:04:49.773","vulnerabilities":[{"cve":{"id":"CVE-2016-9154","sourceIdentifier":"productcert@siemens.com","published":"2016-12-23T05:59:00.593","lastModified":"2025-04-12T10:46:40.837","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (All firmware versions < V6.00.046) use a pseudo random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key."},{"lang":"es","value":"Los módulos Siemens Desigo PX Web PXA40-W0, PXA40-W1, PXA40-W2 para controladores automáticos Desigo PX PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (todas las versiones de firmware < V6.00.046) y módulos web Desigo PX PXA30-W0, PXA30-W1, PXA30-W2 para controladores automáticos Desigo PX PXC00-U, PXC64-U, PXC128-U (todas las versiones de firmware < V6.00.046) utilizan un generador de números pseudoaleatorios con entropía insuficiente para generar certificados HTTPS, potencialmente permite a atacantes remotos recontruir la clave privada correspondiente."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"productcert@siemens.com","type":"Secondary","description":[{"lang":"en","value":"CWE-332"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-332"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:desigo_web_module_pxa30-w0_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"6.00.00","matchCriteriaId":"C5C10637-A57E-4962-AB67-AE4011D2C089"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:desigo_web_module_pxa30-w1_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"6.00.00","matchCriteriaId":"6286131E-6399-48E4-919F-0190747B8E44"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:desigo_web_module_pxa30-w2_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"6.00.00","matchCriteriaId":"88E1B0C0-26EF-4D5E-AF6B-D6E0FA262DAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:desigo_web_module_pxa40-w0_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"6.00.00","matchCriteriaId":"DE4D4A9B-806A-4B40-83A7-C94757D17438"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:desigo_web_module_pxa40-w1_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"6.00.00","matchCriteriaId":"F7DA287F-D035-4938-82F6-0115D6A486DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:desigo_web_module_pxa40-w2_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"6.00.00","matchCriteriaId":"5BFB5ABF-932D-4912-9B40-0DF467DE1BEF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:desigo_web_module_pxa30-w0:-:*:*:*:*:*:*:*","matchCriteriaId":"56BC0886-95F1-4FF1-9F91-2CBDDD1AA591"},{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:desigo_web_module_pxa30-w1:-:*:*:*:*:*:*:*","matchCriteriaId":"6D92AC0D-D075-49B4-B93B-B9F916FF09B3"},{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:desigo_web_module_pxa30-w2:-:*:*:*:*:*:*:*","matchCriteriaId":"5F827A9C-8BF8-43FE-818E-DBA46FCD6767"},{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:desigo_web_module_pxa40-w0:-:*:*:*:*:*:*:*","matchCriteriaId":"5BE371AF-ECE2-4C1C-8F02-F4D984D4FFEF"},{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:desigo_web_module_pxa40-w1:-:*:*:*:*:*:*:*","matchCriteriaId":"DD216D86-3876-4086-B44D-EDF1838AE286"},{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:desigo_web_module_pxa40-w2:-:*:*:*:*:*:*:*","matchCriteriaId":"AFA222E8-9A0B-4F2B-9EEB-4ED666079321"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94962","source":"productcert@siemens.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856492.pdf","source":"productcert@siemens.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-355-01","source":"productcert@siemens.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94962","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856492.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-355-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}}]}