6 vulnerabilities classified as CWE-342 (Predictable Exact Value from Previous Values). AI Chinese analysis included.
CWE-342 represents a critical weakness in cryptographic and security systems where the output of a random number generator can be predicted from earlier outputs rather than being unpredictable. This flaw allows attackers to predict future values by analyzing a sequence of previously observed outputs, breaking the assumption of unpredictability that secure operations depend on. Exploitation typically involves capturing initial outputs, such as session tokens or encryption keys, and using statistical analysis or known algorithmic patterns to forecast subsequent values. This enables unauthorized access, session hijacking, or data decryption. To mitigate this risk, developers must use cryptographically secure pseudorandom number generators (CSPRNGs) that incorporate sufficient entropy from multiple unpredictable sources. Regularly auditing randomization logic and avoiding custom implementations are essential practices to ensure that generated values remain statistically independent and resistant to prediction attacks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-3373 | Mitsubishi Electric GOT2000 security feature issue vulnerability — GOT2000 Series GT21 model | 5.9 | Medium | 2023-08-03 |
| CVE-2022-29930 | JetBrains Ktor Native security feature issue vulnerability — Ktor | 8.7 | High | 2022-05-12 |
| CVE-2022-27577 | Sick MSC800 security feature issue vulnerability — SICK MSC800 | 9.1 | - | 2022-04-11 |
| CVE-2020-28388 | Multiple Siemens products security vulnerability — APOGEE PXC Compact (BACnet) | 6.5 | Medium | 2021-02-09 |
| CVE-2020-16226 | Mitsubishi Electric Multiple Products — QJ71MES96 | 9.8 | - | 2020-10-05 |
| CVE-2014-9196 | Eaton’s Cooper Power Series Form 6 Control and Idea/IdeaPlus Relays with Ethernet — Series Form 6 | 7.5 | - | 2015-07-20 |
Vulnerabilities classified as CWE-342 (Predictable Exact Value from Previous Values) account for 6 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.