CVE-2014-2361 - Vulnerability Details - OpenCVE

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oleumtech	Sensor Wireless I\/o Module Wio Dh2 Wireless Gateway

Configuration 1 [-]

OR	cpe:2.3:h:oleumtech:sensor_wireless_i\/o_module:-:::::::*
	cpe:2.3:h:oleumtech:wio_dh2_wireless_gateway:-:::::::*

No data.

References

Link	Providers
http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01
http://support.oleumtech.com/
http://www.securityfocus.com/bid/68795
http://www.securityfocus.com/bid/68797
https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a

History

Mon, 06 Oct 2025 17:45:00 +0000

Type	Values Removed	Values Added
Title		OleumTech WIO Family Key Management Errors
Weaknesses		CWE-320
References		http://support.oleumtech.com/ http://www.securityfocus.com/bid/68797 https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2014-07-24T14:00:00

Updated: 2025-10-06T17:31:55.409Z

Reserved: 2014-03-13T00:00:00

Link: CVE-2014-2361

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-07-24T14:55:07.190

Modified: 2025-10-06T18:15:47.420

Link: CVE-2014-2361

Redhat

No data.

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "WIO DH2 Wireless Gateway", "vendor": "OleumTech", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "unaffected", "product": "Sensor Wireless I/O Modules", "vendor": "OleumTech", "versions": [{"status": "affected", "version": "All versions"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Lucas Apa and Carlos Mario Penagos Hollman of IOActive"}], "datePublic": "2014-07-21T06:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>\nOleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.\n\n</p>"}], "value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode."}], "metrics": [{"cvssV2_0": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-320", "description": "CWE-320", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-10-06T17:31:55.409Z"}, "references": [{"name": "68797", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/68797"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a"}, {"url": "http://support.oleumtech.com/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "OleumTech has created updates for both BreeZ and the gateway to mitigate\n all these vulnerabilities. These updates allow users to encrypt their \nwireless traffic with AES256. To obtain these updates, please log in to \nthe OleumTech download center (<a target=\"_blank\" rel=\"nofollow\" href=\"http://support.oleumtech.com/\">http://support.oleumtech.com/</a> ) or contact OleumTech tech support:<p>Phone: 866-508-8586</p>\n<p>Email: <a target=\"_blank\" rel=\"nofollow\">TechSupport@OleumTech.com</a></p>"}], "value": "OleumTech has created updates for both BreeZ and the gateway to mitigate\n all these vulnerabilities. These updates allow users to encrypt their \nwireless traffic with AES256. To obtain these updates, please log in to \nthe OleumTech download center ( http://support.oleumtech.com/ \u00a0) or contact OleumTech tech support:Phone: 866-508-8586\n\n\nEmail: TechSupport@OleumTech.com"}], "source": {"advisory": "ICSA-14-202-01", "discovery": "EXTERNAL"}, "title": "OleumTech WIO Family Key Management Errors", "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-2360", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "68797", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68797"}, {"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:14:25.421Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"}, {"name": "68795", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/68795"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-2361", "datePublished": "2014-07-24T14:00:00", "dateReserved": "2014-03-13T00:00:00", "dateUpdated": "2025-10-06T17:31:55.409Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:oleumtech:sensor_wireless_i\\/o_module:-:*:*:*:*:*:*:*", "matchCriteriaId": "82FA879C-B098-4A44-9036-43854ACBFD50", "vulnerable": true}, {"criteria": "cpe:2.3:h:oleumtech:wio_dh2_wireless_gateway:-:*:*:*:*:*:*:*", "matchCriteriaId": "4055E1A3-F159-4B24-926C-578CE8632331", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode."}, {"lang": "es", "value": "OleumTech WIO DH2 Wireless Gateway y Sensor Wireless I/O Modules, cuando BreeZ est\u00e9 utilizado, no requieren la autenticaci\u00f3n para la lectura de la clave de seguridad del sitio, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos falsificar la comunicaci\u00f3n mediante la obtenci\u00f3n de esta clave despu\u00e9s del uso de acceso directo al hardware o el modo de instalaci\u00f3n manual."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/320.html\" target=\"_blank\">CWE-320: CWE-320: Key Management Errors</a>\n", "id": "CVE-2014-2361", "lastModified": "2025-10-06T18:15:47.420", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-07-24T14:55:07.190", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "http://support.oleumtech.com/"}, {"source": "ics-cert@hq.dhs.gov", "url": "http://www.securityfocus.com/bid/68797"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/68795"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-320"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Secondary"}]}