CVE-2014-2379 (GCVE-0-2014-2379)
Vulnerability from cvelistv5
Published
2014-09-05 17:00
Modified
2025-10-13 23:02
Severity ?
CWE
Summary
Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network.
References
Impacted products
Vendor Product Version
Sensys Networks VSN240-F Version: 0   < VDS 2.10.1
Version: 0   < VDS 1.8.8
Version: 0   < TrafficDOT 2.10.3
 Create a notification for this product.
   Sensys Networks VSN240-T Version: 0   < VDS 2.10.1
Version: 0   < VDS 1.8.8
Version: 0   < TrafficDOT 2.10.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:14:25.982Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "VSN240-F",
          "vendor": "Sensys Networks",
          "versions": [
            {
              "lessThan": "VDS 2.10.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "VDS 1.8.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "TrafficDOT 2.10.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VSN240-T",
          "vendor": "Sensys Networks",
          "versions": [
            {
              "lessThan": "VDS 2.10.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "VDS 1.8.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "TrafficDOT 2.10.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Cesar Cerrudo of IOActive"
        }
      ],
      "datePublic": "2014-09-04T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network."
            }
          ],
          "value": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "HIGH",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-311",
              "description": "CWE-311",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-13T23:02:57.689Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-247-01a"
        },
        {
          "url": "http://www.sensysnetworks.com/resources-by-category/#sw"
        },
        {
          "url": "http://www.sensysnetworks.com/distributors/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSensys Networks has produced updated product versions VDS 2.10.1 and \nTrafficDOT 2.10.3 to remediate vulnerabilities identified in their \nVSN240-F and VSN240-T traffic sensors.\u003cbr\u003e\u003c/p\u003e\n\n\u003cp\u003eSensys Networks has released software update VDS 1.8.8, for an older \nmodel access point, to remediate traffic sensor vulnerabilities.\u003c/p\u003e\n\u003cp\u003eThe updated human-machine interface version, TrafficDOT 2.10.3, \nenables encrypted software downloads for sensors and sensor data \nauthentication for access points and access point controller cards using\n updated versions VDS 2.10.1 or VDS 1.8.8.\u003cbr\u003e\u003c/p\u003e\n\n\u003cp\u003eAdditional information about Sensys Networks\u2019 software releases can be found at the following location:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.sensysnetworks.com/resources-by-category/#sw\"\u003ehttp://www.sensysnetworks.com/resources-by-category/#sw\u003c/a\u003e\u003c/p\u003e\u003cp\u003eUpdated\n product versions are available through Sensys Networks\u2019 local \ndistributors. Contact information for their local distributors can be \nfound at the following location:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.sensysnetworks.com/distributors/\"\u003ehttp://www.sensysnetworks.com/distributors/\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Sensys Networks has produced updated product versions VDS 2.10.1 and \nTrafficDOT 2.10.3 to remediate vulnerabilities identified in their \nVSN240-F and VSN240-T traffic sensors.\n\n\n\n\nSensys Networks has released software update VDS 1.8.8, for an older \nmodel access point, to remediate traffic sensor vulnerabilities.\n\n\nThe updated human-machine interface version, TrafficDOT 2.10.3, \nenables encrypted software downloads for sensors and sensor data \nauthentication for access points and access point controller cards using\n updated versions VDS 2.10.1 or VDS 1.8.8.\n\n\n\n\nAdditional information about Sensys Networks\u2019 software releases can be found at the following location:\n\n\n http://www.sensysnetworks.com/resources-by-category/#sw \n\nUpdated\n product versions are available through Sensys Networks\u2019 local \ndistributors. Contact information for their local distributors can be \nfound at the following location:\n\n\n http://www.sensysnetworks.com/distributors/"
        }
      ],
      "source": {
        "advisory": "ICSA-14-247-01",
        "discovery": "EXTERNAL"
      },
      "title": "Sensys Networks Traffic Sensor Missing Encryption of Sensitive Data",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-2378",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-2379",
    "datePublished": "2014-09-05T17:00:00",
    "dateReserved": "2014-03-13T00:00:00",
    "dateUpdated": "2025-10-13T23:02:57.689Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-2379\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2014-09-05T17:55:06.547\",\"lastModified\":\"2025-10-13T23:15:35.540\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network.\"},{\"lang\":\"es\",\"value\":\"Los sensores VDS Sensys Networks VSN240-F y VSN240-T anterior a 2.10.1 y TrafficDOT anterior a 2.10.3 no utilizan codificaci\u00f3n, lo que permite a atacantes remotos interferir con los controles de trafico mediante la reproducci\u00f3n de transmisiones en una red inal\u00e1mbrica.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":4.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.2,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":5.4,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":5.5,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-311\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sensysnetworks:trafficdot:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.10.2\",\"matchCriteriaId\":\"3DDAF38B-AE0B-4DF3-923B-92715D3D10E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sensysnetworks:trafficdot:2.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D4CD91C-4002-4A30-B533-14CBF1B045CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sensysnetworks:trafficdot:2.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C685D52A-A97B-4DB7-AE66-F0FFAAAA5B4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sensysnetworks:trafficdot:2.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26D5EDCE-D7EC-45E8-8089-ED120E664E0C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:sensysnetworks:vsn240-f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBE6EDF8-061E-4390-A09F-8C2D50951C4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:sensysnetworks:vsn240-t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"042983FF-7F9D-4A6D-8505-23C2AF8FE7BA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sensysnetworks:vds:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.10.0\",\"matchCriteriaId\":\"3EACF484-ADB9-491C-A176-5860345A1E02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sensysnetworks:vds:1.8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"525BAF30-197B-4EF1-8E2E-358240EDB90B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sensysnetworks:vds:1.8.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED1A73FC-7A8C-47B0-BD16-7DBF39F28295\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sensysnetworks:vds:2.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05B792D3-A6EE-46E6-A461-10ADD327B9C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sensysnetworks:vds:2.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E008BB72-F728-4293-9BF0-287572688DDE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:sensysnetworks:vsn240-f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBE6EDF8-061E-4390-A09F-8C2D50951C4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:sensysnetworks:vsn240-t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"042983FF-7F9D-4A6D-8505-23C2AF8FE7BA\"}]}]}],\"references\":[{\"url\":\"http://www.sensysnetworks.com/distributors/\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"http://www.sensysnetworks.com/resources-by-category/#sw\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-14-247-01a\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.