CVE-2014-2361 - OpenCVE

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Oleumtech	Wio Dh2 Wireless Gateway Sensor Wireless I\/o Module

Configuration 1 [-]

OR	cpe:2.3:h:oleumtech:sensor_wireless_i\/o_module:-:::::::*
	cpe:2.3:h:oleumtech:wio_dh2_wireless_gateway:-:::::::*

References

Link	Resource
http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/68795

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2014-07-24T14:00:00

Updated: 2016-11-25T19:57:01

Reserved: 2014-03-13T00:00:00

Link: CVE-2014-2361

JSON object: View

NVD Information

Status : Modified

Published: 2014-07-24T14:55:07.190

Modified: 2016-11-28T19:11:01.710

Link: CVE-2014-2361

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-07-21T00:00:00", "descriptions": [{"lang": "en", "value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"}, {"name": "68795", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/68795"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-2361", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"}, {"name": "68795", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68795"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-2361", "datePublished": "2014-07-24T14:00:00", "dateReserved": "2014-03-13T00:00:00", "dateUpdated": "2016-11-25T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:oleumtech:sensor_wireless_i\\/o_module:-:*:*:*:*:*:*:*", "matchCriteriaId": "82FA879C-B098-4A44-9036-43854ACBFD50", "vulnerable": true}, {"criteria": "cpe:2.3:h:oleumtech:wio_dh2_wireless_gateway:-:*:*:*:*:*:*:*", "matchCriteriaId": "4055E1A3-F159-4B24-926C-578CE8632331", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode."}, {"lang": "es", "value": "OleumTech WIO DH2 Wireless Gateway y Sensor Wireless I/O Modules, cuando BreeZ est\u00e9 utilizado, no requieren la autenticaci\u00f3n para la lectura de la clave de seguridad del sitio, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos falsificar la comunicaci\u00f3n mediante la obtenci\u00f3n de esta clave despu\u00e9s del uso de acceso directo al hardware o el modo de instalaci\u00f3n manual."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/320.html\" target=\"_blank\">CWE-320: CWE-320: Key Management Errors</a>\n", "id": "CVE-2014-2361", "lastModified": "2016-11-28T19:11:01.710", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-07-24T14:55:07.190", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"}, {"source": "ics-cert@hq.dhs.gov", "url": "http://www.securityfocus.com/bid/68795"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}