Vulnerabilites related to oleumtech - wio_dh2_wireless_gateway
Vulnerability from fkie_nvd
Published
2014-07-24 14:55
Modified
2025-10-06 18:15
Severity ?
Summary
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oleumtech | sensor_wireless_i\/o_module | - | |
| oleumtech | wio_dh2_wireless_gateway | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oleumtech:sensor_wireless_i\\/o_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82FA879C-B098-4A44-9036-43854ACBFD50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:oleumtech:wio_dh2_wireless_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4055E1A3-F159-4B24-926C-578CE8632331",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation."
},
{
"lang": "es",
"value": "OleumTech WIO DH2 Wireless Gateway y Sensor Wireless I/O Modules dependen exclusivamente de un valor de tiempo para la entrop\u00eda en la generaci\u00f3n de claves, lo que facilita a atacantes remotos derrotar los mecanismos de protecci\u00f3n criptogr\u00e1ficos mediante la predicci\u00f3n del tiempo de creaci\u00f3n de proyectos."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/338.html\" target=\"_blank\"\u003eCWE-338: CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)\u003c/a\u003e\n",
"id": "CVE-2014-2362",
"lastModified": "2025-10-06T18:15:47.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 7.8,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"userInteractionRequired": false
},
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 7.8,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-24T14:55:07.237",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://support.oleumtech.com/"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://www.securityfocus.com/bid/68797"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68800"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-338"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-24 14:55
Modified
2025-10-06 18:15
Severity ?
Summary
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oleumtech | sensor_wireless_i\/o_module | - | |
| oleumtech | wio_dh2_wireless_gateway | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oleumtech:sensor_wireless_i\\/o_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82FA879C-B098-4A44-9036-43854ACBFD50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:oleumtech:wio_dh2_wireless_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4055E1A3-F159-4B24-926C-578CE8632331",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage."
},
{
"lang": "es",
"value": "OleumTech WIO DH2 Wireless Gateway y Sensor Wireless I/O Modules permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de paquetes que informan de un voltaje de bater\u00eda alto."
}
],
"id": "CVE-2014-2360",
"lastModified": "2025-10-06T18:15:47.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"userInteractionRequired": false
},
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-24T14:55:07.143",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://support.oleumtech.com/"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://www.securityfocus.com/bid/68797"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68797"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-24 14:55
Modified
2025-10-06 18:15
Severity ?
Summary
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oleumtech | sensor_wireless_i\/o_module | - | |
| oleumtech | wio_dh2_wireless_gateway | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oleumtech:sensor_wireless_i\\/o_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82FA879C-B098-4A44-9036-43854ACBFD50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:oleumtech:wio_dh2_wireless_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4055E1A3-F159-4B24-926C-578CE8632331",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode."
},
{
"lang": "es",
"value": "OleumTech WIO DH2 Wireless Gateway y Sensor Wireless I/O Modules, cuando BreeZ est\u00e9 utilizado, no requieren la autenticaci\u00f3n para la lectura de la clave de seguridad del sitio, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos falsificar la comunicaci\u00f3n mediante la obtenci\u00f3n de esta clave despu\u00e9s del uso de acceso directo al hardware o el modo de instalaci\u00f3n manual."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/320.html\" target=\"_blank\"\u003eCWE-320: CWE-320: Key Management Errors\u003c/a\u003e\n",
"id": "CVE-2014-2361",
"lastModified": "2025-10-06T18:15:47.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"userInteractionRequired": false
},
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-24T14:55:07.190",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://support.oleumtech.com/"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://www.securityfocus.com/bid/68797"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68795"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-320"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
CVE-2014-2361 (GCVE-0-2014-2361)
Vulnerability from cvelistv5
Published
2014-07-24 14:00
Modified
2025-10-06 17:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/68797 | vdb-entry, x_refsource_BID | |
| https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a | ||
| http://support.oleumtech.com/ |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | OleumTech | WIO DH2 Wireless Gateway |
Version: All versions |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"
},
{
"name": "68795",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68795"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WIO DH2 Wireless Gateway",
"vendor": "OleumTech",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sensor Wireless I/O Modules",
"vendor": "OleumTech",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lucas Apa and Carlos Mario Penagos Hollman of IOActive"
}
],
"datePublic": "2014-07-21T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nOleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.\n\n\u003c/p\u003e"
}
],
"value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-320",
"description": "CWE-320",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T17:31:55.409Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "68797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68797"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a"
},
{
"url": "http://support.oleumtech.com/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OleumTech has created updates for both BreeZ and the gateway to mitigate\n all these vulnerabilities. These updates allow users to encrypt their \nwireless traffic with AES256. To obtain these updates, please log in to \nthe OleumTech download center (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://support.oleumtech.com/\"\u003ehttp://support.oleumtech.com/\u003c/a\u003e\u0026nbsp;) or contact OleumTech tech support:\u003cp\u003ePhone: 866-508-8586\u003c/p\u003e\n\u003cp\u003eEmail: \u003ca target=\"_blank\" rel=\"nofollow\"\u003eTechSupport@OleumTech.com\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "OleumTech has created updates for both BreeZ and the gateway to mitigate\n all these vulnerabilities. These updates allow users to encrypt their \nwireless traffic with AES256. To obtain these updates, please log in to \nthe OleumTech download center ( http://support.oleumtech.com/ \u00a0) or contact OleumTech tech support:Phone: 866-508-8586\n\n\nEmail: TechSupport@OleumTech.com"
}
],
"source": {
"advisory": "ICSA-14-202-01",
"discovery": "EXTERNAL"
},
"title": "OleumTech WIO Family Key Management Errors",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68797"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2361",
"datePublished": "2014-07-24T14:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2025-10-06T17:31:55.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2360 (GCVE-0-2014-2360)
Vulnerability from cvelistv5
Published
2014-07-24 14:00
Modified
2025-10-06 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/68797 | vdb-entry, x_refsource_BID | |
| https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a | ||
| http://support.oleumtech.com/ |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | OleumTech | WIO DH2 Wireless Gateway |
Version: All versions |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68797"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WIO DH2 Wireless Gateway",
"vendor": "OleumTech",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sensor Wireless I/O Modules",
"vendor": "OleumTech",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lucas Apa and Carlos Mario Penagos Hollman of IOActive"
}
],
"datePublic": "2014-07-21T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.\u003c/p\u003e"
}
],
"value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T17:29:09.954Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "68797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68797"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a"
},
{
"url": "http://support.oleumtech.com/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OleumTech has created updates for both BreeZ and the gateway to mitigate\n all these vulnerabilities. These updates allow users to encrypt their \nwireless traffic with AES256. To obtain these updates, please log in to \nthe OleumTech download center (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://support.oleumtech.com/\"\u003ehttp://support.oleumtech.com/\u003c/a\u003e\u0026nbsp;) or contact OleumTech tech support:\u003cp\u003ePhone: 866-508-8586\u003c/p\u003e\n\u003cp\u003eEmail: \u003ca target=\"_blank\" rel=\"nofollow\"\u003eTechSupport@OleumTech.com\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "OleumTech has created updates for both BreeZ and the gateway to mitigate\n all these vulnerabilities. These updates allow users to encrypt their \nwireless traffic with AES256. To obtain these updates, please log in to \nthe OleumTech download center ( http://support.oleumtech.com/ \u00a0) or contact OleumTech tech support:Phone: 866-508-8586\n\n\nEmail: TechSupport@OleumTech.com"
}
],
"source": {
"advisory": "ICSA-14-202-01",
"discovery": "EXTERNAL"
},
"title": "OleumTech WIO Family Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68797"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2360",
"datePublished": "2014-07-24T14:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2025-10-06T17:29:09.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2362 (GCVE-0-2014-2362)
Vulnerability from cvelistv5
Published
2014-07-24 14:00
Modified
2025-10-06 17:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/68797 | vdb-entry, x_refsource_BID | |
| https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a | ||
| http://support.oleumtech.com/ |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | OleumTech | WIO DH2 Wireless Gateway |
Version: All versions |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68800",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68800"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WIO DH2 Wireless Gateway",
"vendor": "OleumTech",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sensor Wireless I/O Modules",
"vendor": "OleumTech",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lucas Apa and Carlos Mario Penagos Hollman of IOActive"
}
],
"datePublic": "2014-07-21T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nOleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.\n\n\u003c/p\u003e"
}
],
"value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T17:33:48.282Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "68797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68797"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a"
},
{
"url": "http://support.oleumtech.com/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OleumTech has created updates for both BreeZ and the gateway to mitigate\n all these vulnerabilities. These updates allow users to encrypt their \nwireless traffic with AES256. To obtain these updates, please log in to \nthe OleumTech download center (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://support.oleumtech.com/\"\u003ehttp://support.oleumtech.com/\u003c/a\u003e\u0026nbsp;) or contact OleumTech tech support:\u003cp\u003ePhone: 866-508-8586\u003c/p\u003e\n\u003cp\u003eEmail: \u003ca target=\"_blank\" rel=\"nofollow\"\u003eTechSupport@OleumTech.com\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "OleumTech has created updates for both BreeZ and the gateway to mitigate\n all these vulnerabilities. These updates allow users to encrypt their \nwireless traffic with AES256. To obtain these updates, please log in to \nthe OleumTech download center ( http://support.oleumtech.com/ \u00a0) or contact OleumTech tech support:Phone: 866-508-8586\n\n\nEmail: TechSupport@OleumTech.com"
}
],
"source": {
"advisory": "ICSA-14-202-01",
"discovery": "EXTERNAL"
},
"title": "OleumTech WIO Use of Cryptographically Weak Pseudo-Random Number Generator",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68797"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2362",
"datePublished": "2014-07-24T14:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2025-10-06T17:33:48.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}