7.6
CVE-2014-2378
- EPSS 0.19%
- Veröffentlicht 05.09.2014 17:55:06
- Zuletzt bearbeitet 13.10.2025 23:15:35
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginSensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sensysnetworks ≫ Trafficdot Version <= 2.10.2
Sensysnetworks ≫ Trafficdot Version2.8.3
Sensysnetworks ≫ Trafficdot Version2.10.0
Sensysnetworks ≫ Trafficdot Version2.10.1
Sensysnetworks ≫ Vsn240-f Version-
Sensysnetworks ≫ Vsn240-t Version-
Sensysnetworks ≫ Vds Version <= 2.10.0
Sensysnetworks ≫ Vds Version1.8.5
Sensysnetworks ≫ Vds Version1.8.7
Sensysnetworks ≫ Vds Version2.6.3
Sensysnetworks ≫ Vds Version2.6.4
Sensysnetworks ≫ Vsn240-f Version-
Sensysnetworks ≫ Vsn240-t Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.41 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.6 | 5.5 | 9.5 |
AV:A/AC:M/Au:N/C:C/I:C/A:P
|
| ics-cert@hq.dhs.gov | 6.5 | 3.2 | 9.5 |
AV:A/AC:H/Au:N/C:C/I:C/A:P
|
CWE-494 Download of Code Without Integrity Check
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.