20 matches found
EUVD-2014-2398
Malware in sbrugna...
EUVD-2014-2397
Malware in sbrugna...
EUVD-2014-2396
Malware in sbrugna...
Design/Logic Flaw
OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data...
CVE-2014-2359
OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data...
CVE-2014-2359
CVE-2014-2359 affects OleumTech Wireless Sensor Network devices, where a vulnerability allows remote attackers to read cleartext protocol data, enabling disclosure of sensitive sensor-node information and potential device spoofing. Root cause: lack of encryption in communications. Impact is infor...
CVE-2014-2359
OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data...
CVE-2014-2362
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation...
CVE-2014-2360
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage...
CVE-2014-2361
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mod...
Denial of service
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage...
Design/Logic Flaw
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation...
Authentication flaw
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mod...
CVE-2014-2360 OleumTech WIO Family Improper Input Validation
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage...
CVE-2014-2360
CVE-2014-2360 affects OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules. The root cause is Improper Input Validation (CWE-20) in the DH2 Gateway’s handling of a high battery voltage field in received packets, which could allow remote attackers to cause the gateway radio receiver ...
CVE-2014-2362 OleumTech WIO Use of Cryptographically Weak Pseudo-Random Number Generator
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation...
CVE-2014-2362
The CVE-2014-2362 entry concerns OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, which rely on the time64() value from the C library as entropy for the site security key. This cryptographic weakness can allow an unauthenticated or remote attacker to predict the site key and po...
CVE-2014-2361
Summary (CVE-2014-2361): OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, expose a key management flaw that allows a physically proximate attacker to read the site security key and spoof communication. The issue arises from improper key handling (key managem...
CVE-2014-2361 OleumTech WIO Family Key Management Errors
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mod...
OleumTech WIO Family Vulnerabilities
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-202-01 OleumTech WIO Family Vulnerabilities that was published July 21, 2014, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 2 -------- Security researchers Lucas Apa and Carlos Mario Penagos...