Vulnerabilities > CVE-2014-2362 - Predictable Random Number Generator vulnerability in Oleumtech products

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

PARTIAL

Availability impact

NONE

network

oleumtech

NVD

Published: 2014-07-24

Updated: 2016-11-28

Summary

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation. <a href="http://cwe.mitre.org/data/definitions/338.html" target="_blank">CWE-338: CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)</a>

Vulnerable Configurations

Part	Description	Count
Hardware	Oleumtech Oleumtech Sensor Wireless I/O Module - Oleumtech WIO DH2 Wireless Gateway -	2

References

http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01
http://www.securityfocus.com/bid/68800