Vulnerabilities > CVE-2014-2379 - Cryptographic Issues vulnerability in Sensysnetworks products

CVSS 5.4 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

sensysnetworks

CWE-310

NVD

Published: 2014-09-05

Updated: 2014-09-08

Summary

Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network.

Vulnerable Configurations

Part	Description	Count
Application	Sensysnetworks Sensysnetworks Trafficdot 2.8.3 Sensysnetworks Trafficdot 2.10.0 Sensysnetworks Trafficdot 2.10.1 Sensysnetworks Trafficdot * Sensysnetworks VDS 1.8.5 Sensysnetworks VDS 1.8.7 Sensysnetworks VDS 2.6.3 Sensysnetworks VDS 2.6.4 Sensysnetworks VDS *	9
Hardware	Sensysnetworks Sensysnetworks Vsn240 F - Sensysnetworks Vsn240 T -	2

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

References

https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01