CVE-2014-2362

OleumTech WIO Use of Cryptographically Weak Pseudo-Random Number Generator

CVSS 7.8 EPSS 1.6%CWE-338

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.

AV:N/AC:M/Au:N/C:C/I:P/A:N

Produtos afetados

OleumTech · Sensor Wireless I/O Modules OleumTech · WIO DH2 Wireless Gateway

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01 http://support.oleumtech.com/https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a http://www.securityfocus.com/bid/68797 http://www.securityfocus.com/bid/68800