Vulnerability Details : CVE-2014-2378
Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update.
Vulnerability category: Execute code
Products affected by CVE-2014-2378
- cpe:2.3:a:sensysnetworks:trafficdot:*:*:*:*:*:*:*:*
- cpe:2.3:a:sensysnetworks:trafficdot:2.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:sensysnetworks:trafficdot:2.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:sensysnetworks:trafficdot:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:h:sensysnetworks:vsn240-t:-:*:*:*:*:*:*:*
- cpe:2.3:h:sensysnetworks:vsn240-f:-:*:*:*:*:*:*:*
- cpe:2.3:a:sensysnetworks:vds:*:*:*:*:*:*:*:*
- cpe:2.3:a:sensysnetworks:vds:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:sensysnetworks:vds:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:sensysnetworks:vds:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:sensysnetworks:vds:1.8.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2378
0.45%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 61 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-2378
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.6
|
HIGH | AV:A/AC:M/Au:N/C:C/I:C/A:P |
5.5
|
9.5
|
NIST |
CWE ids for CVE-2014-2378
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2378
-
https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01
Access Denied | CISAUS Government Resource
Jump to