CVE-2014-2361

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mod...

Design/Logic Flaw

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation...

Denial of service

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage...

CVE-2014-2361 OleumTech WIO Family Key Management Errors

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mod...

CVE-2014-2362

The CVE-2014-2362 entry concerns OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, which rely on the time64() value from the C library as entropy for the site security key. This cryptographic weakness can allow an unauthenticated or remote attacker to predict the site key and po...

CVE-2014-2361

Summary (CVE-2014-2361): OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, expose a key management flaw that allows a physically proximate attacker to read the site security key and spoof communication. The issue arises from improper key handling (key managem...

CVE-2014-2360

CVE-2014-2360 affects OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules. The root cause is Improper Input Validation (CWE-20) in the DH2 Gateway’s handling of a high battery voltage field in received packets, which could allow remote attackers to cause the gateway radio receiver ...

OleumTech WIO Family Vulnerabilities

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-202-01 OleumTech WIO Family Vulnerabilities that was published July 21, 2014, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 2 -------- Security researchers Lucas Apa and Carlos Mario Penagos...

[SA17668] IPsec-Tools ISAKMP IKE Message Processing Denial of Service

TITLE: IPsec-Tools ISAKMP IKE Message Processing Denial of Service SECUNIA ADVISORY ID: SA17668 VERIFY ADVISORY: http://secunia.com/advisories/17668/ CRITICAL: Moderately critical IMPACT: DoS WHERE: From remote SOFTWARE: IPsec-Tools 0.x http://secunia.com/product/3352/ DESCRIPTION: A vulnerabilit...