CVE-2014-2362 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.

CVSS Score

7.8

HIGH

AV:N/AC:M/Au:N/C:C/I:P/A:N

Confidentiality

COMPLETE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Oleumtech	Sensor Wireless I\/O Module	-
Oleumtech	Wio Dh2 Wireless Gateway	-

Related Weaknesses (CWE)

CWE-338

References

http://support.oleumtech.com/
http://www.securityfocus.com/bid/68797
https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a
http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/68800

FAQ

What is CVE-2014-2362?

CVE-2014-2362 is a vulnerability with a CVSS score of 7.8 (HIGH). OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic pr...

How severe is CVE-2014-2362?

CVE-2014-2362 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-2362?

Check the references section above for vendor advisories and patch information. Affected products include: Oleumtech Sensor Wireless I\/O Module, Oleumtech Wio Dh2 Wireless Gateway.