Search criteria
8 vulnerabilities found for vsn240-f by sensysnetworks
VAR-201409-0186
Vulnerability from variot - Updated: 2023-12-18 13:29Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update. Sensys Networks VSN240-F, VSN240-T sensors VDS and TrafficDOT are wireless traffic detection sensors from Sensys Networks, USA. Sensys Networks VSN240-F and VSN240-T sensors have security bypass vulnerabilities in versions prior to VDS 2.10.1 and versions prior to TrafficDOT 2.10.3. The program failed to verify the integrity of the download update. Multiple Sensys Networks Products are prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass security restrictions and cause the system to download the modified code without sufficiently verifying the integrity of the code; this may aid in launching further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0186",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vds",
"scope": "eq",
"trust": 1.6,
"vendor": "sensysnetworks",
"version": "1.8.5"
},
{
"model": "trafficdot",
"scope": "eq",
"trust": 1.6,
"vendor": "sensysnetworks",
"version": "2.10.0"
},
{
"model": "vds",
"scope": "eq",
"trust": 1.6,
"vendor": "sensysnetworks",
"version": "1.8.7"
},
{
"model": "vds",
"scope": "eq",
"trust": 1.6,
"vendor": "sensysnetworks",
"version": "2.6.3"
},
{
"model": "vds",
"scope": "eq",
"trust": 1.6,
"vendor": "sensysnetworks",
"version": "2.6.4"
},
{
"model": "trafficdot",
"scope": "eq",
"trust": 1.6,
"vendor": "sensysnetworks",
"version": "2.10.1"
},
{
"model": "trafficdot",
"scope": "eq",
"trust": 1.6,
"vendor": "sensysnetworks",
"version": "2.8.3"
},
{
"model": "vsn240-f",
"scope": null,
"trust": 1.4,
"vendor": "sensys",
"version": null
},
{
"model": "trafficdot",
"scope": "lt",
"trust": 1.4,
"vendor": "sensys",
"version": "2.10.3"
},
{
"model": "vsn240-f",
"scope": "eq",
"trust": 1.0,
"vendor": "sensysnetworks",
"version": null
},
{
"model": "vds",
"scope": "lte",
"trust": 1.0,
"vendor": "sensysnetworks",
"version": "2.10.0"
},
{
"model": "trafficdot",
"scope": "lte",
"trust": 1.0,
"vendor": "sensysnetworks",
"version": "2.10.2"
},
{
"model": "vsn240-t",
"scope": "eq",
"trust": 1.0,
"vendor": "sensysnetworks",
"version": null
},
{
"model": "vds",
"scope": "lt",
"trust": 0.8,
"vendor": "sensys",
"version": "2.10.1"
},
{
"model": "vsn240-t",
"scope": null,
"trust": 0.8,
"vendor": "sensys",
"version": null
},
{
"model": "vsn240-t sensors vds",
"scope": "lt",
"trust": 0.6,
"vendor": "sensys",
"version": "2.10.1"
},
{
"model": "trafficdot",
"scope": "eq",
"trust": 0.6,
"vendor": "sensysnetworks",
"version": "2.10.2"
},
{
"model": "vds",
"scope": "eq",
"trust": 0.6,
"vendor": "sensysnetworks",
"version": "2.10.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05492"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004066"
},
{
"db": "NVD",
"id": "CVE-2014-2378"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-051"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sensysnetworks:trafficdot:2.10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sensysnetworks:trafficdot:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.10.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sensysnetworks:trafficdot:2.10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sensysnetworks:trafficdot:2.8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sensysnetworks:vsn240-t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sensysnetworks:vsn240-f:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sensysnetworks:vds:1.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sensysnetworks:vds:2.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sensysnetworks:vds:2.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sensysnetworks:vds:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sensysnetworks:vds:1.8.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sensysnetworks:vsn240-f:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sensysnetworks:vsn240-t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2378"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cesar Cerrudo of IOActive",
"sources": [
{
"db": "BID",
"id": "69641"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2378",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.5,
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.6,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-2378",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "CNVD-2014-05492",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2378",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-05492",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-051",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05492"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004066"
},
{
"db": "NVD",
"id": "CVE-2014-2378"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-051"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update. Sensys Networks VSN240-F, VSN240-T sensors VDS and TrafficDOT are wireless traffic detection sensors from Sensys Networks, USA. Sensys Networks VSN240-F and VSN240-T sensors have security bypass vulnerabilities in versions prior to VDS 2.10.1 and versions prior to TrafficDOT 2.10.3. The program failed to verify the integrity of the download update. Multiple Sensys Networks Products are prone to a security-bypass vulnerability. \nAttackers can exploit this issue to bypass security restrictions and cause the system to download the modified code without sufficiently verifying the integrity of the code; this may aid in launching further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2378"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004066"
},
{
"db": "CNVD",
"id": "CNVD-2014-05492"
},
{
"db": "BID",
"id": "69641"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2378",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-14-247-01",
"trust": 3.0
},
{
"db": "BID",
"id": "69641",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004066",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-05492",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201409-051",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05492"
},
{
"db": "BID",
"id": "69641"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004066"
},
{
"db": "NVD",
"id": "CVE-2014-2378"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-051"
}
]
},
"id": "VAR-201409-0186",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05492"
}
],
"trust": 1.3638889
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05492"
}
]
},
"last_update_date": "2023-12-18T13:29:43.635000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Channel Partner Resources by Category",
"trust": 0.8,
"url": "http://www.sensysnetworks.com/resources-by-category/"
},
{
"title": "Patches for multiple Sensys Networks product security bypass vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/49792"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05492"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004066"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004066"
},
{
"db": "NVD",
"id": "CVE-2014-2378"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-247-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2378"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2378"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69641"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05492"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004066"
},
{
"db": "NVD",
"id": "CVE-2014-2378"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-051"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-05492"
},
{
"db": "BID",
"id": "69641"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004066"
},
{
"db": "NVD",
"id": "CVE-2014-2378"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-051"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05492"
},
{
"date": "2014-09-05T00:00:00",
"db": "BID",
"id": "69641"
},
{
"date": "2014-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004066"
},
{
"date": "2014-09-05T17:55:06.500000",
"db": "NVD",
"id": "CVE-2014-2378"
},
{
"date": "2014-09-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-051"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05492"
},
{
"date": "2014-10-30T01:58:00",
"db": "BID",
"id": "69641"
},
{
"date": "2014-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004066"
},
{
"date": "2014-09-08T15:07:45.160000",
"db": "NVD",
"id": "CVE-2014-2378"
},
{
"date": "2014-09-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-051"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-051"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sensys Networks VSN240 Sensor VDS and TrafficDOT Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004066"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-051"
}
],
"trust": 0.6
}
}
VAR-201409-0187
Vulnerability from variot - Updated: 2023-12-18 13:29Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network. Sensys Networks VSN240-F and VSN240-T sensors have security vulnerabilities in versions prior to VDS 2.10.1 and versions prior to TrafficDOT 2.10.3. Because the program does not use encryption. Multiple Sensys Networks Products are prone to a security vulnerability that allows attackers to perform man-in-the-middle attacks. Remote attackers can exploit this issue to gain access to sensitive information through a man-in-the-middle attack. Successful exploits will lead to other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0187",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vds",
"scope": "eq",
"trust": 1.6,
"vendor": "sensysnetworks",
"version": "1.8.5"
},
{
"model": "trafficdot",
"scope": "eq",
"trust": 1.6,
"vendor": "sensysnetworks",
"version": "2.10.0"
},
{
"model": "vds",
"scope": "eq",
"trust": 1.6,
"vendor": "sensysnetworks",
"version": "1.8.7"
},
{
"model": "vds",
"scope": "eq",
"trust": 1.6,
"vendor": "sensysnetworks",
"version": "2.6.3"
},
{
"model": "vds",
"scope": "eq",
"trust": 1.6,
"vendor": "sensysnetworks",
"version": "2.6.4"
},
{
"model": "trafficdot",
"scope": "eq",
"trust": 1.6,
"vendor": "sensysnetworks",
"version": "2.10.1"
},
{
"model": "trafficdot",
"scope": "eq",
"trust": 1.6,
"vendor": "sensysnetworks",
"version": "2.8.3"
},
{
"model": "vsn240-f",
"scope": null,
"trust": 1.4,
"vendor": "sensys",
"version": null
},
{
"model": "trafficdot",
"scope": "lt",
"trust": 1.4,
"vendor": "sensys",
"version": "2.10.3"
},
{
"model": "vsn240-f",
"scope": "eq",
"trust": 1.0,
"vendor": "sensysnetworks",
"version": null
},
{
"model": "vds",
"scope": "lte",
"trust": 1.0,
"vendor": "sensysnetworks",
"version": "2.10.0"
},
{
"model": "trafficdot",
"scope": "lte",
"trust": 1.0,
"vendor": "sensysnetworks",
"version": "2.10.2"
},
{
"model": "vsn240-t",
"scope": "eq",
"trust": 1.0,
"vendor": "sensysnetworks",
"version": null
},
{
"model": "vds",
"scope": "lt",
"trust": 0.8,
"vendor": "sensys",
"version": "2.10.1"
},
{
"model": "vsn240-t",
"scope": null,
"trust": 0.8,
"vendor": "sensys",
"version": null
},
{
"model": "vsn240-t sensors vds",
"scope": "lt",
"trust": 0.6,
"vendor": "sensys",
"version": "2.10.1"
},
{
"model": "trafficdot",
"scope": "eq",
"trust": 0.6,
"vendor": "sensysnetworks",
"version": "2.10.2"
},
{
"model": "vds",
"scope": "eq",
"trust": 0.6,
"vendor": "sensysnetworks",
"version": "2.10.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05491"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004067"
},
{
"db": "NVD",
"id": "CVE-2014-2379"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-052"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sensysnetworks:trafficdot:2.10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sensysnetworks:trafficdot:2.10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sensysnetworks:trafficdot:2.8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sensysnetworks:trafficdot:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.10.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sensysnetworks:vsn240-t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sensysnetworks:vsn240-f:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sensysnetworks:vds:1.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sensysnetworks:vds:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sensysnetworks:vds:2.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sensysnetworks:vds:2.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sensysnetworks:vds:1.8.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sensysnetworks:vsn240-t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sensysnetworks:vsn240-f:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2379"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cesar Cerrudo of IOActive",
"sources": [
{
"db": "BID",
"id": "69644"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2379",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-2379",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CNVD-2014-05491",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2379",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-05491",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-052",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05491"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004067"
},
{
"db": "NVD",
"id": "CVE-2014-2379"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-052"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network. Sensys Networks VSN240-F and VSN240-T sensors have security vulnerabilities in versions prior to VDS 2.10.1 and versions prior to TrafficDOT 2.10.3. Because the program does not use encryption. Multiple Sensys Networks Products are prone to a security vulnerability that allows attackers to perform man-in-the-middle attacks. \nRemote attackers can exploit this issue to gain access to sensitive information through a man-in-the-middle attack. Successful exploits will lead to other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2379"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004067"
},
{
"db": "CNVD",
"id": "CNVD-2014-05491"
},
{
"db": "BID",
"id": "69644"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2379",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-14-247-01",
"trust": 3.0
},
{
"db": "BID",
"id": "69644",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004067",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-05491",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201409-052",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05491"
},
{
"db": "BID",
"id": "69644"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004067"
},
{
"db": "NVD",
"id": "CVE-2014-2379"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-052"
}
]
},
"id": "VAR-201409-0187",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05491"
}
],
"trust": 1.3638889
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05491"
}
]
},
"last_update_date": "2023-12-18T13:29:43.605000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Channel Partner Resources by Category",
"trust": 0.8,
"url": "http://www.sensysnetworks.com/resources-by-category/"
},
{
"title": "Multiple patches for Sensys Networks product man-in-the-middle exploits",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/49790"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05491"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004067"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004067"
},
{
"db": "NVD",
"id": "CVE-2014-2379"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-247-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2379"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2379"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69644"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05491"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004067"
},
{
"db": "NVD",
"id": "CVE-2014-2379"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-052"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-05491"
},
{
"db": "BID",
"id": "69644"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004067"
},
{
"db": "NVD",
"id": "CVE-2014-2379"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-052"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05491"
},
{
"date": "2014-09-05T00:00:00",
"db": "BID",
"id": "69644"
},
{
"date": "2014-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004067"
},
{
"date": "2014-09-05T17:55:06.547000",
"db": "NVD",
"id": "CVE-2014-2379"
},
{
"date": "2014-09-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-052"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05491"
},
{
"date": "2014-10-30T01:58:00",
"db": "BID",
"id": "69644"
},
{
"date": "2014-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004067"
},
{
"date": "2014-09-08T15:09:13.800000",
"db": "NVD",
"id": "CVE-2014-2379"
},
{
"date": "2014-09-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-052"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-052"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sensys Networks VSN240 Sensor VDS and TrafficDOT Vulnerable to traffic control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004067"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-052"
}
],
"trust": 0.6
}
}
FKIE_CVE-2014-2379
Vulnerability from fkie_nvd - Published: 2014-09-05 17:55 - Updated: 2025-10-13 23:15
Severity ?
Summary
Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sensysnetworks | trafficdot | * | |
| sensysnetworks | trafficdot | 2.8.3 | |
| sensysnetworks | trafficdot | 2.10.0 | |
| sensysnetworks | trafficdot | 2.10.1 | |
| sensysnetworks | vsn240-f | - | |
| sensysnetworks | vsn240-t | - | |
| sensysnetworks | vds | * | |
| sensysnetworks | vds | 1.8.5 | |
| sensysnetworks | vds | 1.8.7 | |
| sensysnetworks | vds | 2.6.3 | |
| sensysnetworks | vds | 2.6.4 | |
| sensysnetworks | vsn240-f | - | |
| sensysnetworks | vsn240-t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sensysnetworks:trafficdot:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DDAF38B-AE0B-4DF3-923B-92715D3D10E9",
"versionEndIncluding": "2.10.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sensysnetworks:trafficdot:2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4CD91C-4002-4A30-B533-14CBF1B045CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sensysnetworks:trafficdot:2.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C685D52A-A97B-4DB7-AE66-F0FFAAAA5B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sensysnetworks:trafficdot:2.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26D5EDCE-D7EC-45E8-8089-ED120E664E0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sensysnetworks:vsn240-f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE6EDF8-061E-4390-A09F-8C2D50951C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:sensysnetworks:vsn240-t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "042983FF-7F9D-4A6D-8505-23C2AF8FE7BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sensysnetworks:vds:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EACF484-ADB9-491C-A176-5860345A1E02",
"versionEndIncluding": "2.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sensysnetworks:vds:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "525BAF30-197B-4EF1-8E2E-358240EDB90B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sensysnetworks:vds:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED1A73FC-7A8C-47B0-BD16-7DBF39F28295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sensysnetworks:vds:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "05B792D3-A6EE-46E6-A461-10ADD327B9C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sensysnetworks:vds:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E008BB72-F728-4293-9BF0-287572688DDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sensysnetworks:vsn240-f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE6EDF8-061E-4390-A09F-8C2D50951C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:sensysnetworks:vsn240-t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "042983FF-7F9D-4A6D-8505-23C2AF8FE7BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network."
},
{
"lang": "es",
"value": "Los sensores VDS Sensys Networks VSN240-F y VSN240-T anterior a 2.10.1 y TrafficDOT anterior a 2.10.3 no utilizan codificaci\u00f3n, lo que permite a atacantes remotos interferir con los controles de trafico mediante la reproducci\u00f3n de transmisiones en una red inal\u00e1mbrica."
}
],
"id": "CVE-2014-2379",
"lastModified": "2025-10-13T23:15:35.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.2,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"userInteractionRequired": false
},
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-05T17:55:06.547",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://www.sensysnetworks.com/distributors/"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://www.sensysnetworks.com/resources-by-category/#sw"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-247-01a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-311"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2014-2378
Vulnerability from fkie_nvd - Published: 2014-09-05 17:55 - Updated: 2025-10-13 23:15
Severity ?
Summary
Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sensysnetworks | trafficdot | * | |
| sensysnetworks | trafficdot | 2.8.3 | |
| sensysnetworks | trafficdot | 2.10.0 | |
| sensysnetworks | trafficdot | 2.10.1 | |
| sensysnetworks | vsn240-f | - | |
| sensysnetworks | vsn240-t | - | |
| sensysnetworks | vds | * | |
| sensysnetworks | vds | 1.8.5 | |
| sensysnetworks | vds | 1.8.7 | |
| sensysnetworks | vds | 2.6.3 | |
| sensysnetworks | vds | 2.6.4 | |
| sensysnetworks | vsn240-f | - | |
| sensysnetworks | vsn240-t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sensysnetworks:trafficdot:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DDAF38B-AE0B-4DF3-923B-92715D3D10E9",
"versionEndIncluding": "2.10.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sensysnetworks:trafficdot:2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4CD91C-4002-4A30-B533-14CBF1B045CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sensysnetworks:trafficdot:2.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C685D52A-A97B-4DB7-AE66-F0FFAAAA5B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sensysnetworks:trafficdot:2.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26D5EDCE-D7EC-45E8-8089-ED120E664E0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sensysnetworks:vsn240-f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE6EDF8-061E-4390-A09F-8C2D50951C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:sensysnetworks:vsn240-t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "042983FF-7F9D-4A6D-8505-23C2AF8FE7BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sensysnetworks:vds:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EACF484-ADB9-491C-A176-5860345A1E02",
"versionEndIncluding": "2.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sensysnetworks:vds:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "525BAF30-197B-4EF1-8E2E-358240EDB90B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sensysnetworks:vds:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED1A73FC-7A8C-47B0-BD16-7DBF39F28295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sensysnetworks:vds:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "05B792D3-A6EE-46E6-A461-10ADD327B9C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sensysnetworks:vds:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E008BB72-F728-4293-9BF0-287572688DDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sensysnetworks:vsn240-f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE6EDF8-061E-4390-A09F-8C2D50951C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:sensysnetworks:vsn240-t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "042983FF-7F9D-4A6D-8505-23C2AF8FE7BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update."
},
{
"lang": "es",
"value": "Los sensores VDS Sensys Networks VSN240-F y VSN240-T anterior a 2.10.1 y TrafficDOT anterior a 2.10.3 no verifican la integridad de las actualizaciones descargadas, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una actualizaci\u00f3n caballo de troya."
}
],
"id": "CVE-2014-2378",
"lastModified": "2025-10-13T23:15:35.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.2,
"impactScore": 9.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"userInteractionRequired": false
},
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 9.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-05T17:55:06.500",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://www.sensysnetworks.com/distributors/"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://www.sensysnetworks.com/resources-by-category/#sw"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-247-01a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-494"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
CVE-2014-2378 (GCVE-0-2014-2378)
Vulnerability from cvelistv5 – Published: 2014-09-05 17:00 – Updated: 2025-10-13 23:00
VLAI?
Summary
Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sensys Networks | VSN240-F |
Affected:
0 , < VDS 2.10.1
(custom)
Affected: 0 , < VDS 1.8.8 (custom) Affected: 0 , < TrafficDOT 2.10.3 (custom) |
|||||||
|
|||||||||
Credits
Cesar Cerrudo of IOActive
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VSN240-F",
"vendor": "Sensys Networks",
"versions": [
{
"lessThan": "VDS 2.10.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "VDS 1.8.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "TrafficDOT 2.10.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VSN240-T",
"vendor": "Sensys Networks",
"versions": [
{
"lessThan": "VDS 2.10.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "VDS 1.8.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "TrafficDOT 2.10.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cesar Cerrudo of IOActive"
}
],
"datePublic": "2014-09-04T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update.\u003c/p\u003e"
}
],
"value": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-13T23:00:45.632Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-247-01a"
},
{
"url": "http://www.sensysnetworks.com/resources-by-category/#sw"
},
{
"url": "http://www.sensysnetworks.com/distributors/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSensys Networks has produced updated product versions VDS 2.10.1 and \nTrafficDOT 2.10.3 to remediate vulnerabilities identified in their \nVSN240-F and VSN240-T traffic sensors.\u003cbr\u003e\u003c/p\u003e\n\n\u003cp\u003eSensys Networks has released software update VDS 1.8.8, for an older \nmodel access point, to remediate traffic sensor vulnerabilities.\u003c/p\u003e\n\u003cp\u003eThe updated human-machine interface version, TrafficDOT 2.10.3, \nenables encrypted software downloads for sensors and sensor data \nauthentication for access points and access point controller cards using\n updated versions VDS 2.10.1 or VDS 1.8.8.\u003cbr\u003e\u003c/p\u003e\n\n\u003cp\u003eAdditional information about Sensys Networks\u2019 software releases can be found at the following location:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.sensysnetworks.com/resources-by-category/#sw\"\u003ehttp://www.sensysnetworks.com/resources-by-category/#sw\u003c/a\u003e\u003c/p\u003e\u003cp\u003eUpdated\n product versions are available through Sensys Networks\u2019 local \ndistributors. Contact information for their local distributors can be \nfound at the following location:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.sensysnetworks.com/distributors/\"\u003ehttp://www.sensysnetworks.com/distributors/\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Sensys Networks has produced updated product versions VDS 2.10.1 and \nTrafficDOT 2.10.3 to remediate vulnerabilities identified in their \nVSN240-F and VSN240-T traffic sensors.\n\n\n\n\nSensys Networks has released software update VDS 1.8.8, for an older \nmodel access point, to remediate traffic sensor vulnerabilities.\n\n\nThe updated human-machine interface version, TrafficDOT 2.10.3, \nenables encrypted software downloads for sensors and sensor data \nauthentication for access points and access point controller cards using\n updated versions VDS 2.10.1 or VDS 1.8.8.\n\n\n\n\nAdditional information about Sensys Networks\u2019 software releases can be found at the following location:\n\n\n http://www.sensysnetworks.com/resources-by-category/#sw \n\nUpdated\n product versions are available through Sensys Networks\u2019 local \ndistributors. Contact information for their local distributors can be \nfound at the following location:\n\n\n http://www.sensysnetworks.com/distributors/"
}
],
"source": {
"advisory": "ICSA-14-247-01",
"discovery": "EXTERNAL"
},
"title": "Sensys Networks Traffic Sensor Download of Code Without Integrity Check",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2378",
"datePublished": "2014-09-05T17:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2025-10-13T23:00:45.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2379 (GCVE-0-2014-2379)
Vulnerability from cvelistv5 – Published: 2014-09-05 17:00 – Updated: 2025-10-13 23:02
VLAI?
Summary
Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sensys Networks | VSN240-F |
Affected:
0 , < VDS 2.10.1
(custom)
Affected: 0 , < VDS 1.8.8 (custom) Affected: 0 , < TrafficDOT 2.10.3 (custom) |
|||||||
|
|||||||||
Credits
Cesar Cerrudo of IOActive
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VSN240-F",
"vendor": "Sensys Networks",
"versions": [
{
"lessThan": "VDS 2.10.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "VDS 1.8.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "TrafficDOT 2.10.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VSN240-T",
"vendor": "Sensys Networks",
"versions": [
{
"lessThan": "VDS 2.10.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "VDS 1.8.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "TrafficDOT 2.10.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cesar Cerrudo of IOActive"
}
],
"datePublic": "2014-09-04T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network."
}
],
"value": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-13T23:02:57.689Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-247-01a"
},
{
"url": "http://www.sensysnetworks.com/resources-by-category/#sw"
},
{
"url": "http://www.sensysnetworks.com/distributors/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSensys Networks has produced updated product versions VDS 2.10.1 and \nTrafficDOT 2.10.3 to remediate vulnerabilities identified in their \nVSN240-F and VSN240-T traffic sensors.\u003cbr\u003e\u003c/p\u003e\n\n\u003cp\u003eSensys Networks has released software update VDS 1.8.8, for an older \nmodel access point, to remediate traffic sensor vulnerabilities.\u003c/p\u003e\n\u003cp\u003eThe updated human-machine interface version, TrafficDOT 2.10.3, \nenables encrypted software downloads for sensors and sensor data \nauthentication for access points and access point controller cards using\n updated versions VDS 2.10.1 or VDS 1.8.8.\u003cbr\u003e\u003c/p\u003e\n\n\u003cp\u003eAdditional information about Sensys Networks\u2019 software releases can be found at the following location:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.sensysnetworks.com/resources-by-category/#sw\"\u003ehttp://www.sensysnetworks.com/resources-by-category/#sw\u003c/a\u003e\u003c/p\u003e\u003cp\u003eUpdated\n product versions are available through Sensys Networks\u2019 local \ndistributors. Contact information for their local distributors can be \nfound at the following location:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.sensysnetworks.com/distributors/\"\u003ehttp://www.sensysnetworks.com/distributors/\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Sensys Networks has produced updated product versions VDS 2.10.1 and \nTrafficDOT 2.10.3 to remediate vulnerabilities identified in their \nVSN240-F and VSN240-T traffic sensors.\n\n\n\n\nSensys Networks has released software update VDS 1.8.8, for an older \nmodel access point, to remediate traffic sensor vulnerabilities.\n\n\nThe updated human-machine interface version, TrafficDOT 2.10.3, \nenables encrypted software downloads for sensors and sensor data \nauthentication for access points and access point controller cards using\n updated versions VDS 2.10.1 or VDS 1.8.8.\n\n\n\n\nAdditional information about Sensys Networks\u2019 software releases can be found at the following location:\n\n\n http://www.sensysnetworks.com/resources-by-category/#sw \n\nUpdated\n product versions are available through Sensys Networks\u2019 local \ndistributors. Contact information for their local distributors can be \nfound at the following location:\n\n\n http://www.sensysnetworks.com/distributors/"
}
],
"source": {
"advisory": "ICSA-14-247-01",
"discovery": "EXTERNAL"
},
"title": "Sensys Networks Traffic Sensor Missing Encryption of Sensitive Data",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2379",
"datePublished": "2014-09-05T17:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2025-10-13T23:02:57.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2378 (GCVE-0-2014-2378)
Vulnerability from nvd – Published: 2014-09-05 17:00 – Updated: 2025-10-13 23:00
VLAI?
Summary
Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sensys Networks | VSN240-F |
Affected:
0 , < VDS 2.10.1
(custom)
Affected: 0 , < VDS 1.8.8 (custom) Affected: 0 , < TrafficDOT 2.10.3 (custom) |
|||||||
|
|||||||||
Credits
Cesar Cerrudo of IOActive
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VSN240-F",
"vendor": "Sensys Networks",
"versions": [
{
"lessThan": "VDS 2.10.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "VDS 1.8.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "TrafficDOT 2.10.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VSN240-T",
"vendor": "Sensys Networks",
"versions": [
{
"lessThan": "VDS 2.10.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "VDS 1.8.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "TrafficDOT 2.10.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cesar Cerrudo of IOActive"
}
],
"datePublic": "2014-09-04T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update.\u003c/p\u003e"
}
],
"value": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-13T23:00:45.632Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-247-01a"
},
{
"url": "http://www.sensysnetworks.com/resources-by-category/#sw"
},
{
"url": "http://www.sensysnetworks.com/distributors/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSensys Networks has produced updated product versions VDS 2.10.1 and \nTrafficDOT 2.10.3 to remediate vulnerabilities identified in their \nVSN240-F and VSN240-T traffic sensors.\u003cbr\u003e\u003c/p\u003e\n\n\u003cp\u003eSensys Networks has released software update VDS 1.8.8, for an older \nmodel access point, to remediate traffic sensor vulnerabilities.\u003c/p\u003e\n\u003cp\u003eThe updated human-machine interface version, TrafficDOT 2.10.3, \nenables encrypted software downloads for sensors and sensor data \nauthentication for access points and access point controller cards using\n updated versions VDS 2.10.1 or VDS 1.8.8.\u003cbr\u003e\u003c/p\u003e\n\n\u003cp\u003eAdditional information about Sensys Networks\u2019 software releases can be found at the following location:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.sensysnetworks.com/resources-by-category/#sw\"\u003ehttp://www.sensysnetworks.com/resources-by-category/#sw\u003c/a\u003e\u003c/p\u003e\u003cp\u003eUpdated\n product versions are available through Sensys Networks\u2019 local \ndistributors. Contact information for their local distributors can be \nfound at the following location:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.sensysnetworks.com/distributors/\"\u003ehttp://www.sensysnetworks.com/distributors/\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Sensys Networks has produced updated product versions VDS 2.10.1 and \nTrafficDOT 2.10.3 to remediate vulnerabilities identified in their \nVSN240-F and VSN240-T traffic sensors.\n\n\n\n\nSensys Networks has released software update VDS 1.8.8, for an older \nmodel access point, to remediate traffic sensor vulnerabilities.\n\n\nThe updated human-machine interface version, TrafficDOT 2.10.3, \nenables encrypted software downloads for sensors and sensor data \nauthentication for access points and access point controller cards using\n updated versions VDS 2.10.1 or VDS 1.8.8.\n\n\n\n\nAdditional information about Sensys Networks\u2019 software releases can be found at the following location:\n\n\n http://www.sensysnetworks.com/resources-by-category/#sw \n\nUpdated\n product versions are available through Sensys Networks\u2019 local \ndistributors. Contact information for their local distributors can be \nfound at the following location:\n\n\n http://www.sensysnetworks.com/distributors/"
}
],
"source": {
"advisory": "ICSA-14-247-01",
"discovery": "EXTERNAL"
},
"title": "Sensys Networks Traffic Sensor Download of Code Without Integrity Check",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2378",
"datePublished": "2014-09-05T17:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2025-10-13T23:00:45.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2379 (GCVE-0-2014-2379)
Vulnerability from nvd – Published: 2014-09-05 17:00 – Updated: 2025-10-13 23:02
VLAI?
Summary
Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sensys Networks | VSN240-F |
Affected:
0 , < VDS 2.10.1
(custom)
Affected: 0 , < VDS 1.8.8 (custom) Affected: 0 , < TrafficDOT 2.10.3 (custom) |
|||||||
|
|||||||||
Credits
Cesar Cerrudo of IOActive
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VSN240-F",
"vendor": "Sensys Networks",
"versions": [
{
"lessThan": "VDS 2.10.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "VDS 1.8.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "TrafficDOT 2.10.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VSN240-T",
"vendor": "Sensys Networks",
"versions": [
{
"lessThan": "VDS 2.10.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "VDS 1.8.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "TrafficDOT 2.10.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cesar Cerrudo of IOActive"
}
],
"datePublic": "2014-09-04T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network."
}
],
"value": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-13T23:02:57.689Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-247-01a"
},
{
"url": "http://www.sensysnetworks.com/resources-by-category/#sw"
},
{
"url": "http://www.sensysnetworks.com/distributors/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSensys Networks has produced updated product versions VDS 2.10.1 and \nTrafficDOT 2.10.3 to remediate vulnerabilities identified in their \nVSN240-F and VSN240-T traffic sensors.\u003cbr\u003e\u003c/p\u003e\n\n\u003cp\u003eSensys Networks has released software update VDS 1.8.8, for an older \nmodel access point, to remediate traffic sensor vulnerabilities.\u003c/p\u003e\n\u003cp\u003eThe updated human-machine interface version, TrafficDOT 2.10.3, \nenables encrypted software downloads for sensors and sensor data \nauthentication for access points and access point controller cards using\n updated versions VDS 2.10.1 or VDS 1.8.8.\u003cbr\u003e\u003c/p\u003e\n\n\u003cp\u003eAdditional information about Sensys Networks\u2019 software releases can be found at the following location:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.sensysnetworks.com/resources-by-category/#sw\"\u003ehttp://www.sensysnetworks.com/resources-by-category/#sw\u003c/a\u003e\u003c/p\u003e\u003cp\u003eUpdated\n product versions are available through Sensys Networks\u2019 local \ndistributors. Contact information for their local distributors can be \nfound at the following location:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.sensysnetworks.com/distributors/\"\u003ehttp://www.sensysnetworks.com/distributors/\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Sensys Networks has produced updated product versions VDS 2.10.1 and \nTrafficDOT 2.10.3 to remediate vulnerabilities identified in their \nVSN240-F and VSN240-T traffic sensors.\n\n\n\n\nSensys Networks has released software update VDS 1.8.8, for an older \nmodel access point, to remediate traffic sensor vulnerabilities.\n\n\nThe updated human-machine interface version, TrafficDOT 2.10.3, \nenables encrypted software downloads for sensors and sensor data \nauthentication for access points and access point controller cards using\n updated versions VDS 2.10.1 or VDS 1.8.8.\n\n\n\n\nAdditional information about Sensys Networks\u2019 software releases can be found at the following location:\n\n\n http://www.sensysnetworks.com/resources-by-category/#sw \n\nUpdated\n product versions are available through Sensys Networks\u2019 local \ndistributors. Contact information for their local distributors can be \nfound at the following location:\n\n\n http://www.sensysnetworks.com/distributors/"
}
],
"source": {
"advisory": "ICSA-14-247-01",
"discovery": "EXTERNAL"
},
"title": "Sensys Networks Traffic Sensor Missing Encryption of Sensitive Data",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2379",
"datePublished": "2014-09-05T17:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2025-10-13T23:02:57.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}