Search criteria
2 vulnerabilities found for AWAM Bluetooth Reader Traffic System by Post Oak Traffic Systems
CVE-2012-4687 (GCVE-0-2012-4687)
Vulnerability from cvelistv5 – Published: 2012-12-08 15:00 – Updated: 2025-07-09 18:27
VLAI?
Summary
Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Post Oak Traffic Systems | AWAM Bluetooth Reader Traffic System |
Affected:
All versions
|
Credits
research group composed of Nadia Heninger (University of California at San Diego), J. Alex Halderman, Zakir Durumeric, and Eric Wustrow (all from the University of Michigan)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:54.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-335-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AWAM Bluetooth Reader Traffic System",
"vendor": "Post Oak Traffic Systems",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "research group composed of Nadia Heninger (University of California at San Diego), J. Alex Halderman, Zakir Durumeric, and Eric Wustrow (all from the University of Michigan)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePost Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value.\u003c/p\u003e"
}
],
"value": "Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-331",
"description": "CWE-331",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T18:27:31.737Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-12-335-01"
},
{
"url": "http://www.postoaktraffic.com/contact.aspx"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Post Oak has developed a patch for the AWAM Bluetooth Reader Traffic \nSystem that mitigates the vulnerability. The patch allows the Bluetooth \nreader to ensure sufficient entropy exists before generating host and \nauthentication keys. The patch will be installed on all new devices when\n initially configured. Existing equipment will be patched by remote \naccess and upgraded to the latest firmware. System owners are encouraged\n to contact Post Oak Traffic Systems, \nsupport@postoaktraffic.com, (281) 381-2887. with questions patching their systems.\n\n\u003cbr\u003e"
}
],
"value": "Post Oak has developed a patch for the AWAM Bluetooth Reader Traffic \nSystem that mitigates the vulnerability. The patch allows the Bluetooth \nreader to ensure sufficient entropy exists before generating host and \nauthentication keys. The patch will be installed on all new devices when\n initially configured. Existing equipment will be patched by remote \naccess and upgraded to the latest firmware. System owners are encouraged\n to contact Post Oak Traffic Systems, \nsupport@postoaktraffic.com, (281) 381-2887. with questions patching their systems."
}
],
"source": {
"advisory": "ICSA-12-335-01",
"discovery": "EXTERNAL"
},
"title": "Post Oak Bluetooth Traffic Systems Insufficient Entropy",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-4687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-335-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-335-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-4687",
"datePublished": "2012-12-08T15:00:00Z",
"dateReserved": "2012-08-28T00:00:00Z",
"dateUpdated": "2025-07-09T18:27:31.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4687 (GCVE-0-2012-4687)
Vulnerability from nvd – Published: 2012-12-08 15:00 – Updated: 2025-07-09 18:27
VLAI?
Summary
Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Post Oak Traffic Systems | AWAM Bluetooth Reader Traffic System |
Affected:
All versions
|
Credits
research group composed of Nadia Heninger (University of California at San Diego), J. Alex Halderman, Zakir Durumeric, and Eric Wustrow (all from the University of Michigan)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:54.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-335-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AWAM Bluetooth Reader Traffic System",
"vendor": "Post Oak Traffic Systems",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "research group composed of Nadia Heninger (University of California at San Diego), J. Alex Halderman, Zakir Durumeric, and Eric Wustrow (all from the University of Michigan)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePost Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value.\u003c/p\u003e"
}
],
"value": "Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-331",
"description": "CWE-331",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T18:27:31.737Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-12-335-01"
},
{
"url": "http://www.postoaktraffic.com/contact.aspx"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Post Oak has developed a patch for the AWAM Bluetooth Reader Traffic \nSystem that mitigates the vulnerability. The patch allows the Bluetooth \nreader to ensure sufficient entropy exists before generating host and \nauthentication keys. The patch will be installed on all new devices when\n initially configured. Existing equipment will be patched by remote \naccess and upgraded to the latest firmware. System owners are encouraged\n to contact Post Oak Traffic Systems, \nsupport@postoaktraffic.com, (281) 381-2887. with questions patching their systems.\n\n\u003cbr\u003e"
}
],
"value": "Post Oak has developed a patch for the AWAM Bluetooth Reader Traffic \nSystem that mitigates the vulnerability. The patch allows the Bluetooth \nreader to ensure sufficient entropy exists before generating host and \nauthentication keys. The patch will be installed on all new devices when\n initially configured. Existing equipment will be patched by remote \naccess and upgraded to the latest firmware. System owners are encouraged\n to contact Post Oak Traffic Systems, \nsupport@postoaktraffic.com, (281) 381-2887. with questions patching their systems."
}
],
"source": {
"advisory": "ICSA-12-335-01",
"discovery": "EXTERNAL"
},
"title": "Post Oak Bluetooth Traffic Systems Insufficient Entropy",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-4687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-335-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-335-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-4687",
"datePublished": "2012-12-08T15:00:00Z",
"dateReserved": "2012-08-28T00:00:00Z",
"dateUpdated": "2025-07-09T18:27:31.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}