CVE-2014-2362

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:P/A:N

Exploitability : 8.6 / Impact : 7.8

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/68800

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:oleumtech:sensor_wireless_i\/o_module:-:::::::*
	cpe:2.3:h:oleumtech:wio_dh2_wireless_gateway:-:::::::*

History

No history.

Information

Published : 2014-07-24 14:55

Updated : 2023-12-10 11:31

NVD link : CVE-2014-2362

Mitre link : CVE-2014-2362

CVE.ORG link : CVE-2014-2362

JSON object : View

Products Affected

oleumtech

sensor_wireless_i\/o_module
wio_dh2_wireless_gateway

CWE

NVD-CWE-Other

{"id": "CVE-2014-2362", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 7.8, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-07-24T14:55:07.237", "references": [{"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.securityfocus.com/bid/68800", "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation."}, {"lang": "es", "value": "OleumTech WIO DH2 Wireless Gateway y Sensor Wireless I/O Modules dependen exclusivamente de un valor de tiempo para la entrop\u00eda en la generaci\u00f3n de claves, lo que facilita a atacantes remotos derrotar los mecanismos de protecci\u00f3n criptogr\u00e1ficos mediante la predicci\u00f3n del tiempo de creaci\u00f3n de proyectos."}], "lastModified": "2016-11-28T19:11:02.820", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:oleumtech:sensor_wireless_i\\/o_module:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82FA879C-B098-4A44-9036-43854ACBFD50"}, {"criteria": "cpe:2.3:h:oleumtech:wio_dh2_wireless_gateway:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4055E1A3-F159-4B24-926C-578CE8632331"}], "operator": "OR"}]}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/338.html\" target=\"_blank\">CWE-338: CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)</a>\n", "sourceIdentifier": "ics-cert@hq.dhs.gov"}