Vulnerabilites related to OleumTech - WIO DH2 Wireless Gateway
var-201407-0229
Vulnerability from variot
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage. OleumTech is a California company that provides wireless remote monitoring equipment for industrial environments. OleumTech WIO DH2 Wireless Gateway is prone to a remote denial-of-service vulnerability. Successful exploits may allow an attacker to cause an affected device to crash, resulting in a denial-of-service condition. OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules are both products of OleumTech Corporation in the United States
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0229",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sensor wireless i\\/o module",
"scope": "eq",
"trust": 1.6,
"vendor": "oleumtech",
"version": null
},
{
"model": "wio dh2 wireless gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "oleumtech",
"version": null
},
{
"model": "wio dh2 wireless gateway",
"scope": null,
"trust": 1.4,
"vendor": "oleumtech",
"version": null
},
{
"model": "sensor wireless i/o module",
"scope": null,
"trust": 0.8,
"vendor": "oleumtech",
"version": null
},
{
"model": "sensor wireless i/o modules",
"scope": null,
"trust": 0.6,
"vendor": "oleumtech",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04599"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003555"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-592"
},
{
"db": "NVD",
"id": "CVE-2014-2360"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:oleumtech:sensor_wireless_i%2Fo_module",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oleumtech:wio_dh2_wireless_gateway",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003555"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lucas Apa and Carlos Mario Penagos Hollman of IOActive",
"sources": [
{
"db": "BID",
"id": "68797"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2360",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-2360",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-04599",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-70299",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-2360",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-2360",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-04599",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-592",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-70299",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04599"
},
{
"db": "VULHUB",
"id": "VHN-70299"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003555"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-592"
},
{
"db": "NVD",
"id": "CVE-2014-2360"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage. OleumTech is a California company that provides wireless remote monitoring equipment for industrial environments. OleumTech WIO DH2 Wireless Gateway is prone to a remote denial-of-service vulnerability. \nSuccessful exploits may allow an attacker to cause an affected device to crash, resulting in a denial-of-service condition. OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules are both products of OleumTech Corporation in the United States",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2360"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003555"
},
{
"db": "CNVD",
"id": "CNVD-2014-04599"
},
{
"db": "BID",
"id": "68797"
},
{
"db": "VULHUB",
"id": "VHN-70299"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2360",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-14-202-01",
"trust": 3.1
},
{
"db": "BID",
"id": "68797",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003555",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-04599",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201407-592",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-70299",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04599"
},
{
"db": "VULHUB",
"id": "VHN-70299"
},
{
"db": "BID",
"id": "68797"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003555"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-592"
},
{
"db": "NVD",
"id": "CVE-2014-2360"
}
]
},
"id": "VAR-201407-0229",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04599"
},
{
"db": "VULHUB",
"id": "VHN-70299"
}
],
"trust": 1.5125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04599"
}
]
},
"last_update_date": "2024-11-23T21:55:19.480000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Wireless I/O Modules",
"trust": 0.8,
"url": "http://www.oleumtech.com/index.php?section=product\u0026subsection=product_category\u0026category_id=30"
},
{
"title": "OleumTech WIO DH2 Wireless Gateway",
"trust": 0.8,
"url": "http://www.ogesc.com/pdfs/OleumTech/6_dh2-wireless-gateway-datasheet.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003555"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70299"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003555"
},
{
"db": "NVD",
"id": "CVE-2014-2360"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-202-01"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/68797"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2360"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2360"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04599"
},
{
"db": "VULHUB",
"id": "VHN-70299"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003555"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-592"
},
{
"db": "NVD",
"id": "CVE-2014-2360"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-04599"
},
{
"db": "VULHUB",
"id": "VHN-70299"
},
{
"db": "BID",
"id": "68797"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003555"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-592"
},
{
"db": "NVD",
"id": "CVE-2014-2360"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04599"
},
{
"date": "2014-07-24T00:00:00",
"db": "VULHUB",
"id": "VHN-70299"
},
{
"date": "2014-07-21T00:00:00",
"db": "BID",
"id": "68797"
},
{
"date": "2014-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003555"
},
{
"date": "2014-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-592"
},
{
"date": "2014-07-24T14:55:07.143000",
"db": "NVD",
"id": "CVE-2014-2360"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04599"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-70299"
},
{
"date": "2015-07-15T00:10:00",
"db": "BID",
"id": "68797"
},
{
"date": "2014-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003555"
},
{
"date": "2014-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-592"
},
{
"date": "2024-11-21T02:06:08.893000",
"db": "NVD",
"id": "CVE-2014-2360"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-592"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Module Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003555"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-592"
}
],
"trust": 0.6
}
}
var-201407-0231
Vulnerability from variot
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation. Supplementary information : CWE Vulnerability type by CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) ( Weak in cryptography PRNG Use of ) Has been identified. OleumTech is a California company that provides wireless remote monitoring equipment for industrial environments. Because the site security key is generated using the time64() function in the standard C library, the attacker exploits the vulnerability to obtain the site security key. Attackers can leverage this weakness to aid in brute-force attacks. Other attacks are also possible. A remote attacker could exploit this vulnerability to compromise password protection by predicting when an item was created
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0231",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sensor wireless i\\/o module",
"scope": "eq",
"trust": 1.6,
"vendor": "oleumtech",
"version": null
},
{
"model": "wio dh2 wireless gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "oleumtech",
"version": null
},
{
"model": "wio dh2 wireless gateway",
"scope": null,
"trust": 1.4,
"vendor": "oleumtech",
"version": null
},
{
"model": "sensor wireless i/o module",
"scope": null,
"trust": 0.8,
"vendor": "oleumtech",
"version": null
},
{
"model": "sensor wireless i/o modules",
"scope": null,
"trust": 0.6,
"vendor": "oleumtech",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04598"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003557"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-594"
},
{
"db": "NVD",
"id": "CVE-2014-2362"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:oleumtech:sensor_wireless_i%2Fo_module",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oleumtech:wio_dh2_wireless_gateway",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003557"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lucas Apa, and Carlos Mario Penagos Hollman of IOActive.",
"sources": [
{
"db": "BID",
"id": "68800"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2362",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-2362",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-04598",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-70301",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-2362",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-2362",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-04598",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-594",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-70301",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-2362",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04598"
},
{
"db": "VULHUB",
"id": "VHN-70301"
},
{
"db": "VULMON",
"id": "CVE-2014-2362"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003557"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-594"
},
{
"db": "NVD",
"id": "CVE-2014-2362"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation. Supplementary information : CWE Vulnerability type by CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) ( Weak in cryptography PRNG Use of ) Has been identified. OleumTech is a California company that provides wireless remote monitoring equipment for industrial environments. Because the site security key is generated using the time64() function in the standard C library, the attacker exploits the vulnerability to obtain the site security key. \nAttackers can leverage this weakness to aid in brute-force attacks. Other attacks are also possible. A remote attacker could exploit this vulnerability to compromise password protection by predicting when an item was created",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2362"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003557"
},
{
"db": "CNVD",
"id": "CNVD-2014-04598"
},
{
"db": "BID",
"id": "68800"
},
{
"db": "VULHUB",
"id": "VHN-70301"
},
{
"db": "VULMON",
"id": "CVE-2014-2362"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2362",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-14-202-01",
"trust": 3.2
},
{
"db": "BID",
"id": "68800",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003557",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201407-594",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-04598",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-70301",
"trust": 0.1
},
{
"db": "ICS CERT",
"id": "ICSA-14-202-01A",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-2362",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04598"
},
{
"db": "VULHUB",
"id": "VHN-70301"
},
{
"db": "VULMON",
"id": "CVE-2014-2362"
},
{
"db": "BID",
"id": "68800"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003557"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-594"
},
{
"db": "NVD",
"id": "CVE-2014-2362"
}
]
},
"id": "VAR-201407-0231",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04598"
},
{
"db": "VULHUB",
"id": "VHN-70301"
}
],
"trust": 1.5125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04598"
}
]
},
"last_update_date": "2024-11-23T21:55:19.409000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Wireless I/O Modules",
"trust": 0.8,
"url": "http://www.oleumtech.com/index.php?section=product\u0026subsection=product_category\u0026category_id=30"
},
{
"title": "OleumTech WIO DH2 Wireless Gateway",
"trust": 0.8,
"url": "http://www.ogesc.com/pdfs/OleumTech/6_dh2-wireless-gateway-datasheet.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003557"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003557"
},
{
"db": "NVD",
"id": "CVE-2014-2362"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-202-01"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/68800"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2362"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2362"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-202-01a"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04598"
},
{
"db": "VULHUB",
"id": "VHN-70301"
},
{
"db": "VULMON",
"id": "CVE-2014-2362"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003557"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-594"
},
{
"db": "NVD",
"id": "CVE-2014-2362"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-04598"
},
{
"db": "VULHUB",
"id": "VHN-70301"
},
{
"db": "VULMON",
"id": "CVE-2014-2362"
},
{
"db": "BID",
"id": "68800"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003557"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-594"
},
{
"db": "NVD",
"id": "CVE-2014-2362"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04598"
},
{
"date": "2014-07-24T00:00:00",
"db": "VULHUB",
"id": "VHN-70301"
},
{
"date": "2014-07-24T00:00:00",
"db": "VULMON",
"id": "CVE-2014-2362"
},
{
"date": "2014-07-21T00:00:00",
"db": "BID",
"id": "68800"
},
{
"date": "2014-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003557"
},
{
"date": "2014-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-594"
},
{
"date": "2014-07-24T14:55:07.237000",
"db": "NVD",
"id": "CVE-2014-2362"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04598"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-70301"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULMON",
"id": "CVE-2014-2362"
},
{
"date": "2015-07-15T00:10:00",
"db": "BID",
"id": "68800"
},
{
"date": "2014-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003557"
},
{
"date": "2014-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-594"
},
{
"date": "2024-11-21T02:06:09.100000",
"db": "NVD",
"id": "CVE-2014-2362"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-594"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Module Vulnerabilities that can break cryptographic protection mechanisms",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003557"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-594"
}
],
"trust": 0.6
}
}
var-201407-0230
Vulnerability from variot
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode. Supplementary information : CWE Vulnerability type by CWE-320: Key Management Errors ( Key management error ) Has been identified. OleumTech is a California company that provides wireless remote monitoring equipment for industrial environments. This key cannot be read remotely when the data system is running. Multiple OleumTech Products are prone to a local security-bypass vulnerability. Attackers with physical access to the device may exploit this issue to bypass certain security restrictions and perform unauthorized actions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0230",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sensor wireless i\\/o module",
"scope": "eq",
"trust": 1.6,
"vendor": "oleumtech",
"version": null
},
{
"model": "wio dh2 wireless gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "oleumtech",
"version": null
},
{
"model": "wio dh2 wireless gateway",
"scope": null,
"trust": 1.4,
"vendor": "oleumtech",
"version": null
},
{
"model": "sensor wireless i/o module",
"scope": null,
"trust": 0.8,
"vendor": "oleumtech",
"version": null
},
{
"model": "sensor wireless i/o modules",
"scope": null,
"trust": 0.6,
"vendor": "oleumtech",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04600"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003556"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-593"
},
{
"db": "NVD",
"id": "CVE-2014-2361"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:oleumtech:sensor_wireless_i%2Fo_module",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oleumtech:wio_dh2_wireless_gateway",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003556"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lucas Apa, and Carlos Mario Penagos Hollman of IOActive.",
"sources": [
{
"db": "BID",
"id": "68795"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2361",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2014-2361",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2014-04600",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-70300",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-2361",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-2361",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-04600",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-593",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-70300",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04600"
},
{
"db": "VULHUB",
"id": "VHN-70300"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003556"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-593"
},
{
"db": "NVD",
"id": "CVE-2014-2361"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode. Supplementary information : CWE Vulnerability type by CWE-320: Key Management Errors ( Key management error ) Has been identified. OleumTech is a California company that provides wireless remote monitoring equipment for industrial environments. This key cannot be read remotely when the data system is running. Multiple OleumTech Products are prone to a local security-bypass vulnerability. \nAttackers with physical access to the device may exploit this issue to bypass certain security restrictions and perform unauthorized actions",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2361"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003556"
},
{
"db": "CNVD",
"id": "CNVD-2014-04600"
},
{
"db": "BID",
"id": "68795"
},
{
"db": "VULHUB",
"id": "VHN-70300"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2361",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-14-202-01",
"trust": 3.1
},
{
"db": "BID",
"id": "68795",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003556",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201407-593",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-04600",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-70300",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04600"
},
{
"db": "VULHUB",
"id": "VHN-70300"
},
{
"db": "BID",
"id": "68795"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003556"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-593"
},
{
"db": "NVD",
"id": "CVE-2014-2361"
}
]
},
"id": "VAR-201407-0230",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04600"
},
{
"db": "VULHUB",
"id": "VHN-70300"
}
],
"trust": 1.5125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04600"
}
]
},
"last_update_date": "2024-11-23T21:55:19.446000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Wireless I/O Modules",
"trust": 0.8,
"url": "http://www.oleumtech.com/index.php?section=product\u0026subsection=product_category\u0026category_id=30"
},
{
"title": "OleumTech WIO DH2 Wireless Gateway",
"trust": 0.8,
"url": "http://www.ogesc.com/pdfs/OleumTech/6_dh2-wireless-gateway-datasheet.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003556"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003556"
},
{
"db": "NVD",
"id": "CVE-2014-2361"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-202-01"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/68795"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2361"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2361"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04600"
},
{
"db": "VULHUB",
"id": "VHN-70300"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003556"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-593"
},
{
"db": "NVD",
"id": "CVE-2014-2361"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-04600"
},
{
"db": "VULHUB",
"id": "VHN-70300"
},
{
"db": "BID",
"id": "68795"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003556"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-593"
},
{
"db": "NVD",
"id": "CVE-2014-2361"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04600"
},
{
"date": "2014-07-24T00:00:00",
"db": "VULHUB",
"id": "VHN-70300"
},
{
"date": "2014-07-21T00:00:00",
"db": "BID",
"id": "68795"
},
{
"date": "2014-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003556"
},
{
"date": "2014-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-593"
},
{
"date": "2014-07-24T14:55:07.190000",
"db": "NVD",
"id": "CVE-2014-2361"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04600"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-70300"
},
{
"date": "2015-07-15T00:10:00",
"db": "BID",
"id": "68795"
},
{
"date": "2014-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003556"
},
{
"date": "2014-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-593"
},
{
"date": "2024-11-21T02:06:09",
"db": "NVD",
"id": "CVE-2014-2361"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "68795"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-593"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Module Vulnerabilities in which communication is spoofed",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003556"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "68795"
}
],
"trust": 0.3
}
}
CVE-2014-2361 (GCVE-0-2014-2361)
Vulnerability from cvelistv5
Published
2014-07-24 14:00
Modified
2025-10-06 17:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/68797 | vdb-entry, x_refsource_BID | |
| https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a | ||
| http://support.oleumtech.com/ |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | OleumTech | WIO DH2 Wireless Gateway |
Version: All versions |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"
},
{
"name": "68795",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68795"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WIO DH2 Wireless Gateway",
"vendor": "OleumTech",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sensor Wireless I/O Modules",
"vendor": "OleumTech",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lucas Apa and Carlos Mario Penagos Hollman of IOActive"
}
],
"datePublic": "2014-07-21T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nOleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.\n\n\u003c/p\u003e"
}
],
"value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-320",
"description": "CWE-320",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T17:31:55.409Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "68797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68797"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a"
},
{
"url": "http://support.oleumtech.com/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OleumTech has created updates for both BreeZ and the gateway to mitigate\n all these vulnerabilities. These updates allow users to encrypt their \nwireless traffic with AES256. To obtain these updates, please log in to \nthe OleumTech download center (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://support.oleumtech.com/\"\u003ehttp://support.oleumtech.com/\u003c/a\u003e\u0026nbsp;) or contact OleumTech tech support:\u003cp\u003ePhone: 866-508-8586\u003c/p\u003e\n\u003cp\u003eEmail: \u003ca target=\"_blank\" rel=\"nofollow\"\u003eTechSupport@OleumTech.com\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "OleumTech has created updates for both BreeZ and the gateway to mitigate\n all these vulnerabilities. These updates allow users to encrypt their \nwireless traffic with AES256. To obtain these updates, please log in to \nthe OleumTech download center ( http://support.oleumtech.com/ \u00a0) or contact OleumTech tech support:Phone: 866-508-8586\n\n\nEmail: TechSupport@OleumTech.com"
}
],
"source": {
"advisory": "ICSA-14-202-01",
"discovery": "EXTERNAL"
},
"title": "OleumTech WIO Family Key Management Errors",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68797"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2361",
"datePublished": "2014-07-24T14:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2025-10-06T17:31:55.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2360 (GCVE-0-2014-2360)
Vulnerability from cvelistv5
Published
2014-07-24 14:00
Modified
2025-10-06 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/68797 | vdb-entry, x_refsource_BID | |
| https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a | ||
| http://support.oleumtech.com/ |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | OleumTech | WIO DH2 Wireless Gateway |
Version: All versions |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68797"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WIO DH2 Wireless Gateway",
"vendor": "OleumTech",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sensor Wireless I/O Modules",
"vendor": "OleumTech",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lucas Apa and Carlos Mario Penagos Hollman of IOActive"
}
],
"datePublic": "2014-07-21T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.\u003c/p\u003e"
}
],
"value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T17:29:09.954Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "68797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68797"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a"
},
{
"url": "http://support.oleumtech.com/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OleumTech has created updates for both BreeZ and the gateway to mitigate\n all these vulnerabilities. These updates allow users to encrypt their \nwireless traffic with AES256. To obtain these updates, please log in to \nthe OleumTech download center (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://support.oleumtech.com/\"\u003ehttp://support.oleumtech.com/\u003c/a\u003e\u0026nbsp;) or contact OleumTech tech support:\u003cp\u003ePhone: 866-508-8586\u003c/p\u003e\n\u003cp\u003eEmail: \u003ca target=\"_blank\" rel=\"nofollow\"\u003eTechSupport@OleumTech.com\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "OleumTech has created updates for both BreeZ and the gateway to mitigate\n all these vulnerabilities. These updates allow users to encrypt their \nwireless traffic with AES256. To obtain these updates, please log in to \nthe OleumTech download center ( http://support.oleumtech.com/ \u00a0) or contact OleumTech tech support:Phone: 866-508-8586\n\n\nEmail: TechSupport@OleumTech.com"
}
],
"source": {
"advisory": "ICSA-14-202-01",
"discovery": "EXTERNAL"
},
"title": "OleumTech WIO Family Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68797"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2360",
"datePublished": "2014-07-24T14:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2025-10-06T17:29:09.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2362 (GCVE-0-2014-2362)
Vulnerability from cvelistv5
Published
2014-07-24 14:00
Modified
2025-10-06 17:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/68797 | vdb-entry, x_refsource_BID | |
| https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a | ||
| http://support.oleumtech.com/ |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | OleumTech | WIO DH2 Wireless Gateway |
Version: All versions |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68800",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68800"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WIO DH2 Wireless Gateway",
"vendor": "OleumTech",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sensor Wireless I/O Modules",
"vendor": "OleumTech",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lucas Apa and Carlos Mario Penagos Hollman of IOActive"
}
],
"datePublic": "2014-07-21T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nOleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.\n\n\u003c/p\u003e"
}
],
"value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T17:33:48.282Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "68797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68797"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a"
},
{
"url": "http://support.oleumtech.com/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OleumTech has created updates for both BreeZ and the gateway to mitigate\n all these vulnerabilities. These updates allow users to encrypt their \nwireless traffic with AES256. To obtain these updates, please log in to \nthe OleumTech download center (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://support.oleumtech.com/\"\u003ehttp://support.oleumtech.com/\u003c/a\u003e\u0026nbsp;) or contact OleumTech tech support:\u003cp\u003ePhone: 866-508-8586\u003c/p\u003e\n\u003cp\u003eEmail: \u003ca target=\"_blank\" rel=\"nofollow\"\u003eTechSupport@OleumTech.com\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "OleumTech has created updates for both BreeZ and the gateway to mitigate\n all these vulnerabilities. These updates allow users to encrypt their \nwireless traffic with AES256. To obtain these updates, please log in to \nthe OleumTech download center ( http://support.oleumtech.com/ \u00a0) or contact OleumTech tech support:Phone: 866-508-8586\n\n\nEmail: TechSupport@OleumTech.com"
}
],
"source": {
"advisory": "ICSA-14-202-01",
"discovery": "EXTERNAL"
},
"title": "OleumTech WIO Use of Cryptographically Weak Pseudo-Random Number Generator",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68797"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2362",
"datePublished": "2014-07-24T14:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2025-10-06T17:33:48.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}