Details of VAR-201409-0186

ID

VAR-201409-0186

CVE

CVE-2014-2378

TITLE

Sensys Networks VSN240 Sensor VDS and TrafficDOT Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2014-004066

DESCRIPTION

Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update. Sensys Networks VSN240-F, VSN240-T sensors VDS and TrafficDOT are wireless traffic detection sensors from Sensys Networks, USA. Sensys Networks VSN240-F and VSN240-T sensors have security bypass vulnerabilities in versions prior to VDS 2.10.1 and versions prior to TrafficDOT 2.10.3. The program failed to verify the integrity of the download update. Multiple Sensys Networks Products are prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass security restrictions and cause the system to download the modified code without sufficiently verifying the integrity of the code; this may aid in launching further attacks

Trust: 2.43

sources: NVD: CVE-2014-2378 // JVNDB: JVNDB-2014-004066 // CNVD: CNVD-2014-05492 // BID: 69641

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-05492

AFFECTED PRODUCTS

vendor:	sensysnetworks	model:	trafficdot	scope:	eq	version:	2.10.1	Trust: 1.6
vendor:	sensysnetworks	model:	vds	scope:	eq	version:	1.8.7	Trust: 1.6
vendor:	sensysnetworks	model:	vds	scope:	eq	version:	2.6.4	Trust: 1.6
vendor:	sensysnetworks	model:	trafficdot	scope:	eq	version:	2.10.0	Trust: 1.6
vendor:	sensysnetworks	model:	vds	scope:	eq	version:	1.8.5	Trust: 1.6
vendor:	sensysnetworks	model:	trafficdot	scope:	eq	version:	2.8.3	Trust: 1.6
vendor:	sensysnetworks	model:	vds	scope:	eq	version:	2.6.3	Trust: 1.6
vendor:	sensys	model:	vsn240-f	scope:	-	version:	-	Trust: 1.4
vendor:	sensys	model:	trafficdot	scope:	lt	version:	2.10.3	Trust: 1.4
vendor:	sensysnetworks	model:	vsn240-t	scope:	eq	version:	-	Trust: 1.0
vendor:	sensysnetworks	model:	trafficdot	scope:	lte	version:	2.10.2	Trust: 1.0
vendor:	sensysnetworks	model:	vsn240-f	scope:	eq	version:	-	Trust: 1.0
vendor:	sensysnetworks	model:	vds	scope:	lte	version:	2.10.0	Trust: 1.0
vendor:	sensys	model:	vds	scope:	lt	version:	2.10.1	Trust: 0.8
vendor:	sensys	model:	vsn240-t	scope:	-	version:	-	Trust: 0.8
vendor:	sensys	model:	vsn240-t sensors vds	scope:	lt	version:	2.10.1	Trust: 0.6
vendor:	sensysnetworks	model:	trafficdot	scope:	eq	version:	2.10.2	Trust: 0.6
vendor:	sensysnetworks	model:	vds	scope:	eq	version:	2.10.0	Trust: 0.6

sources: CNVD: CNVD-2014-05492 // CNNVD: CNNVD-201409-051 // JVNDB: JVNDB-2014-004066 // NVD: CVE-2014-2378

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov:	CVE-2014-2378
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2014-2378
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2378
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-05492
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201409-051
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2014-2378
severity:	HIGH
baseScore:	7.6
vectorString:	AV:A/AC:M/AU:N/C:C/I:C/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	PARTIAL
exploitabilityScore:	5.5
impactScore:	9.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ics-cert@hq.dhs.gov:	CVE-2014-2378
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:A/AC:H/AU:N/C:C/I:C/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.2
impactScore:	9.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2014-05492
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:A/AC:H/AU:N/C:C/I:C/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.2
impactScore:	9.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-05492 // CNNVD: CNNVD-201409-051 // JVNDB: JVNDB-2014-004066 // NVD: CVE-2014-2378 // NVD: CVE-2014-2378

PROBLEMTYPE DATA

problemtype:	CWE-94	Trust: 1.8
problemtype:	CWE-494	Trust: 1.0

sources: JVNDB: JVNDB-2014-004066 // NVD: CVE-2014-2378

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201409-051

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201409-051

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004066

PATCH

title:	Channel Partner Resources by Category	url:	http://www.sensysnetworks.com/resources-by-category/	Trust: 0.8
title:	Patches for multiple Sensys Networks product security bypass vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/49792	Trust: 0.6

sources: CNVD: CNVD-2014-05492 // JVNDB: JVNDB-2014-004066

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2378	Trust: 3.3
db:	ICS CERT	id:	ICSA-14-247-01	Trust: 3.0
db:	ICS CERT	id:	ICSA-14-247-01A	Trust: 1.0
db:	BID	id:	69641	Trust: 0.9
db:	JVNDB	id:	JVNDB-2014-004066	Trust: 0.8
db:	CNVD	id:	CNVD-2014-05492	Trust: 0.6
db:	CNNVD	id:	CNNVD-201409-051	Trust: 0.6

sources: CNVD: CNVD-2014-05492 // BID: 69641 // CNNVD: CNNVD-201409-051 // JVNDB: JVNDB-2014-004066 // NVD: CVE-2014-2378

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-14-247-01	Trust: 3.0
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-14-247-01a	Trust: 1.0
url:	http://www.sensysnetworks.com/resources-by-category/#sw	Trust: 1.0
url:	http://www.sensysnetworks.com/distributors/	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2378	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2378	Trust: 0.8
url:	http://www.securityfocus.com/bid/69641	Trust: 0.6

sources: CNVD: CNVD-2014-05492 // CNNVD: CNNVD-201409-051 // JVNDB: JVNDB-2014-004066 // NVD: CVE-2014-2378

CREDITS

Cesar Cerrudo of IOActive

Trust: 0.3

sources: BID: 69641

SOURCES

db:	CNVD	id:	CNVD-2014-05492
db:	BID	id:	69641
db:	CNNVD	id:	CNNVD-201409-051
db:	JVNDB	id:	JVNDB-2014-004066
db:	NVD	id:	CVE-2014-2378

LAST UPDATE DATE

2025-10-15T23:47:41.037000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-05492	date:	2014-09-10T00:00:00
db:	BID	id:	69641	date:	2014-10-30T01:58:00
db:	CNNVD	id:	CNNVD-201409-051	date:	2014-09-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-004066	date:	2014-09-09T00:00:00
db:	NVD	id:	CVE-2014-2378	date:	2025-10-13T23:15:35.360

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-05492	date:	2014-09-10T00:00:00
db:	BID	id:	69641	date:	2014-09-05T00:00:00
db:	CNNVD	id:	CNNVD-201409-051	date:	2014-09-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-004066	date:	2014-09-09T00:00:00
db:	NVD	id:	CVE-2014-2378	date:	2014-09-05T17:55:06.500