Sign-up

ID

VAR-201407-0230


CVE

CVE-2014-2361


TITLE

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Module Vulnerabilities in which communication is spoofed

Trust: 0.8

sources: JVNDB: JVNDB-2014-003556

DESCRIPTION

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode. Supplementary information : CWE Vulnerability type by CWE-320: Key Management Errors ( Key management error ) Has been identified. OleumTech is a California company that provides wireless remote monitoring equipment for industrial environments. This key cannot be read remotely when the data system is running. Multiple OleumTech Products are prone to a local security-bypass vulnerability. Attackers with physical access to the device may exploit this issue to bypass certain security restrictions and perform unauthorized actions

Trust: 2.52

sources: NVD: CVE-2014-2361 // JVNDB: JVNDB-2014-003556 // CNVD: CNVD-2014-04600 // BID: 68795 // VULHUB: VHN-70300

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-04600

AFFECTED PRODUCTS

vendor:oleumtechmodel:sensor wireless i\/o modulescope:eqversion: -

Trust: 1.6

vendor:oleumtechmodel:wio dh2 wireless gatewayscope:eqversion: -

Trust: 1.6

vendor:oleumtechmodel:wio dh2 wireless gatewayscope: - version: -

Trust: 1.4

vendor:oleumtechmodel:sensor wireless i/o modulescope: - version: -

Trust: 0.8

vendor:oleumtechmodel:sensor wireless i/o modulesscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2014-04600 // CNNVD: CNNVD-201407-593 // JVNDB: JVNDB-2014-003556 // NVD: CVE-2014-2361

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov: CVE-2014-2361
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2014-2361
value: HIGH

Trust: 1.0

NVD: CVE-2014-2361
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-04600
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201407-593
value: HIGH

Trust: 0.6

VULHUB: VHN-70300
value: HIGH

Trust: 0.1

ics-cert@hq.dhs.gov: CVE-2014-2361
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.8

CNVD: CNVD-2014-04600
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-70300
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-04600 // VULHUB: VHN-70300 // CNNVD: CNNVD-201407-593 // JVNDB: JVNDB-2014-003556 // NVD: CVE-2014-2361 // NVD: CVE-2014-2361

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-320

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2014-003556 // NVD: CVE-2014-2361

THREAT TYPE

local

Trust: 0.9

sources: BID: 68795 // CNNVD: CNNVD-201407-593

TYPE

Design Error

Trust: 0.3

sources: BID: 68795

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-003556

PATCH
title:Wireless I/O Modulesurl:http://www.oleumtech.com/index.php?section=product&subsection=product_category&category_id=30
Trust: 0.8
title:OleumTech WIO DH2 Wireless Gatewayurl:http://www.ogesc.com/pdfs/OleumTech/6_dh2-wireless-gateway-datasheet.pdf
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-003556

EXTERNAL IDS
db:NVDid:CVE-2014-2361
Trust: 3.4
db:ICS CERTid:ICSA-14-202-01
Trust: 3.1
db:BIDid:68795
Trust: 2.0
db:ICS CERTid:ICSA-14-202-01A
Trust: 1.0
db:BIDid:68797
Trust: 1.0
db:JVNDBid:JVNDB-2014-003556
Trust: 0.8
db:CNNVDid:CNNVD-201407-593
Trust: 0.7
db:CNVDid:CNVD-2014-04600
Trust: 0.6
db:VULHUBid:VHN-70300
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-04600 // 
            
            
            
            VULHUB: VHN-70300 // 
            
            
            
            BID: 68795 // 
            
            
            
            CNNVD: CNNVD-201407-593 // 
            
            
            
            JVNDB: JVNDB-2014-003556 // 
            
            
            
            NVD: CVE-2014-2361

REFERENCES
url:http://ics-cert.us-cert.gov/advisories/icsa-14-202-01
Trust: 3.1
url:http://www.securityfocus.com/bid/68795
Trust: 1.1
url:https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a
Trust: 1.0
url:http://www.securityfocus.com/bid/68797
Trust: 1.0
url:http://support.oleumtech.com/
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2361
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2361
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2014-04600 // 
            
            
            
            VULHUB: VHN-70300 // 
            
            
            
            CNNVD: CNNVD-201407-593 // 
            
            
            
            JVNDB: JVNDB-2014-003556 // 
            
            
            
            NVD: CVE-2014-2361

CREDITS
Lucas Apa, and Carlos Mario Penagos Hollman of IOActive.
Trust: 0.3
sources:
            
            
            BID: 68795

SOURCES
db:CNVDid:CNVD-2014-04600
db:VULHUBid:VHN-70300
db:BIDid:68795
db:CNNVDid:CNNVD-201407-593
db:JVNDBid:JVNDB-2014-003556
db:NVDid:CVE-2014-2361

LAST UPDATE DATE
2025-10-09T20:29:21.495000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-04600date:2014-07-25T00:00:00
db:VULHUBid:VHN-70300date:2016-11-28T00:00:00
db:BIDid:68795date:2015-07-15T00:10:00
db:CNNVDid:CNNVD-201407-593date:2014-07-29T00:00:00
db:JVNDBid:JVNDB-2014-003556date:2014-07-25T00:00:00
db:NVDid:CVE-2014-2361date:2025-10-06T18:15:47.420

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-04600date:2014-07-25T00:00:00
db:VULHUBid:VHN-70300date:2014-07-24T00:00:00
db:BIDid:68795date:2014-07-21T00:00:00
db:CNNVDid:CNNVD-201407-593date:2014-07-29T00:00:00
db:JVNDBid:JVNDB-2014-003556date:2014-07-25T00:00:00
db:NVDid:CVE-2014-2361date:2014-07-24T14:55:07.190