5.4
CVE-2014-2379
- EPSS 0.28%
- Veröffentlicht 05.09.2014 17:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginSensys Networks Traffic Sensor Missing Encryption of Sensitive Data
Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sensysnetworks ≫ Trafficdot Version <= 2.10.2
Sensysnetworks ≫ Trafficdot Version2.8.3
Sensysnetworks ≫ Trafficdot Version2.10.0
Sensysnetworks ≫ Trafficdot Version2.10.1
Sensysnetworks ≫ Vsn240-f Version-
Sensysnetworks ≫ Vsn240-t Version-
Sensysnetworks ≫ Vds Version <= 2.10.0
Sensysnetworks ≫ Vds Version1.8.5
Sensysnetworks ≫ Vds Version1.8.7
Sensysnetworks ≫ Vds Version2.6.3
Sensysnetworks ≫ Vds Version2.6.4
Sensysnetworks ≫ Vsn240-f Version-
Sensysnetworks ≫ Vsn240-t Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.199 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 5.5 | 6.4 |
AV:A/AC:M/Au:N/C:P/I:P/A:P
|
| ics-cert@hq.dhs.gov | 4.3 | 3.2 | 6.4 |
AV:A/AC:H/Au:N/C:P/I:P/A:P
|
CWE-311 Missing Encryption of Sensitive Data
The product does not encrypt sensitive or critical information before storage or transmission.
https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01
http://www.sensysnetworks.com/distributors/
http://www.sensysnetworks.com/resources-by-category/#sw
https://www.cisa.gov/news-events/ics-advisories/icsa-14-247-01a