Vulnerability CVE-2014-2361


Published: 2014-07-24

Description:
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Oleumtech -> Sensor wireless i/o module 
Oleumtech -> Wio dh2 wireless gateway 

 References:
http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01
http://www.securityfocus.com/bid/68795

Copyright 2022, cxsecurity.com

 

Back to Top