Sign-up

ID

VAR-201407-0231


CVE

CVE-2014-2362


TITLE

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Module Vulnerabilities that can break cryptographic protection mechanisms

Trust: 0.8

sources: JVNDB: JVNDB-2014-003557

DESCRIPTION

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation. Supplementary information : CWE Vulnerability type by CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) ( Weak in cryptography PRNG Use of ) Has been identified. OleumTech is a California company that provides wireless remote monitoring equipment for industrial environments. Because the site security key is generated using the time64() function in the standard C library, the attacker exploits the vulnerability to obtain the site security key. Attackers can leverage this weakness to aid in brute-force attacks. Other attacks are also possible. A remote attacker could exploit this vulnerability to compromise password protection by predicting when an item was created

Trust: 2.61

sources: NVD: CVE-2014-2362 // JVNDB: JVNDB-2014-003557 // CNVD: CNVD-2014-04598 // BID: 68800 // VULHUB: VHN-70301 // VULMON: CVE-2014-2362

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-04598

AFFECTED PRODUCTS

vendor:oleumtechmodel:sensor wireless i\/o modulescope:eqversion: -

Trust: 1.6

vendor:oleumtechmodel:wio dh2 wireless gatewayscope:eqversion: -

Trust: 1.6

vendor:oleumtechmodel:wio dh2 wireless gatewayscope: - version: -

Trust: 1.4

vendor:oleumtechmodel:sensor wireless i/o modulescope: - version: -

Trust: 0.8

vendor:oleumtechmodel:sensor wireless i/o modulesscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2014-04598 // CNNVD: CNNVD-201407-594 // JVNDB: JVNDB-2014-003557 // NVD: CVE-2014-2362

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov: CVE-2014-2362
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2014-2362
value: HIGH

Trust: 1.0

NVD: CVE-2014-2362
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-04598
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201407-594
value: HIGH

Trust: 0.6

VULHUB: VHN-70301
value: HIGH

Trust: 0.1

VULMON: CVE-2014-2362
value: HIGH

Trust: 0.1

ics-cert@hq.dhs.gov: CVE-2014-2362
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:M/AU:N/C:C/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.9

CNVD: CNVD-2014-04598
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-70301
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:M/AU:N/C:C/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-04598 // VULHUB: VHN-70301 // VULMON: CVE-2014-2362 // CNNVD: CNNVD-201407-594 // JVNDB: JVNDB-2014-003557 // NVD: CVE-2014-2362 // NVD: CVE-2014-2362

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-338

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2014-003557 // NVD: CVE-2014-2362

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-594

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201407-594

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-003557

PATCH
title:Wireless I/O Modulesurl:http://www.oleumtech.com/index.php?section=product&subsection=product_category&category_id=30
Trust: 0.8
title:OleumTech WIO DH2 Wireless Gatewayurl:http://www.ogesc.com/pdfs/OleumTech/6_dh2-wireless-gateway-datasheet.pdf
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-003557

EXTERNAL IDS
db:NVDid:CVE-2014-2362
Trust: 3.5
db:ICS CERTid:ICSA-14-202-01
Trust: 3.2
db:BIDid:68800
Trust: 2.1
db:ICS CERTid:ICSA-14-202-01A
Trust: 1.1
db:BIDid:68797
Trust: 1.0
db:JVNDBid:JVNDB-2014-003557
Trust: 0.8
db:CNNVDid:CNNVD-201407-594
Trust: 0.7
db:CNVDid:CNVD-2014-04598
Trust: 0.6
db:VULHUBid:VHN-70301
Trust: 0.1
db:VULMONid:CVE-2014-2362
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-04598 // 
            
            
            
            VULHUB: VHN-70301 // 
            
            
            
            VULMON: CVE-2014-2362 // 
            
            
            
            BID: 68800 // 
            
            
            
            CNNVD: CNNVD-201407-594 // 
            
            
            
            JVNDB: JVNDB-2014-003557 // 
            
            
            
            NVD: CVE-2014-2362

REFERENCES
url:http://ics-cert.us-cert.gov/advisories/icsa-14-202-01
Trust: 3.2
url:http://www.securityfocus.com/bid/68800
Trust: 1.3
url:https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a
Trust: 1.0
url:http://www.securityfocus.com/bid/68797
Trust: 1.0
url:http://support.oleumtech.com/
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2362
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2362
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://ics-cert.us-cert.gov/advisories/icsa-14-202-01a
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-04598 // 
            
            
            
            VULHUB: VHN-70301 // 
            
            
            
            VULMON: CVE-2014-2362 // 
            
            
            
            CNNVD: CNNVD-201407-594 // 
            
            
            
            JVNDB: JVNDB-2014-003557 // 
            
            
            
            NVD: CVE-2014-2362

CREDITS
Lucas Apa, and Carlos Mario Penagos Hollman of IOActive.
Trust: 0.3
sources:
            
            
            BID: 68800

SOURCES
db:CNVDid:CNVD-2014-04598
db:VULHUBid:VHN-70301
db:VULMONid:CVE-2014-2362
db:BIDid:68800
db:CNNVDid:CNNVD-201407-594
db:JVNDBid:JVNDB-2014-003557
db:NVDid:CVE-2014-2362

LAST UPDATE DATE
2025-10-09T19:45:49.876000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-04598date:2014-07-25T00:00:00
db:VULHUBid:VHN-70301date:2016-11-28T00:00:00
db:VULMONid:CVE-2014-2362date:2016-11-28T00:00:00
db:BIDid:68800date:2015-07-15T00:10:00
db:CNNVDid:CNNVD-201407-594date:2014-08-04T00:00:00
db:JVNDBid:JVNDB-2014-003557date:2014-07-25T00:00:00
db:NVDid:CVE-2014-2362date:2025-10-06T18:15:47.580

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-04598date:2014-07-25T00:00:00
db:VULHUBid:VHN-70301date:2014-07-24T00:00:00
db:VULMONid:CVE-2014-2362date:2014-07-24T00:00:00
db:BIDid:68800date:2014-07-21T00:00:00
db:CNNVDid:CNNVD-201407-594date:2014-07-29T00:00:00
db:JVNDBid:JVNDB-2014-003557date:2014-07-25T00:00:00
db:NVDid:CVE-2014-2362date:2014-07-24T14:55:07.237