CVE-2014-2361

critical

Description

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a

http://www.securityfocus.com/bid/68797

http://www.securityfocus.com/bid/68795

http://support.oleumtech.com/

http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01

Details

Source: Mitre, NVD

Published: 2014-07-24

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00055