CVE-2014-2361 — HIGH (7.2) — White Hats Nepal

Vulnerability Description

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Oleumtech	Sensor Wireless I\/O Module	-
Oleumtech	Wio Dh2 Wireless Gateway	-

Related Weaknesses (CWE)

CWE-320

References

http://support.oleumtech.com/
http://www.securityfocus.com/bid/68797
https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a
http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/68795

FAQ

What is CVE-2014-2361?

CVE-2014-2361 is a vulnerability with a CVSS score of 7.2 (HIGH). OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to ...

How severe is CVE-2014-2361?

CVE-2014-2361 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-2361?

Check the references section above for vendor advisories and patch information. Affected products include: Oleumtech Sensor Wireless I\/O Module, Oleumtech Wio Dh2 Wireless Gateway.