CVE-2014-2360 - Vulnerability Details - OpenCVE

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oleumtech	Sensor Wireless I\/o Module Wio Dh2 Wireless Gateway

Configuration 1 [-]

OR	cpe:2.3:h:oleumtech:sensor_wireless_i\/o_module:-:::::::*
	cpe:2.3:h:oleumtech:wio_dh2_wireless_gateway:-:::::::*

No data.

References

Link	Providers
http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01
http://support.oleumtech.com/
http://www.securityfocus.com/bid/68797
https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a

History

Mon, 06 Oct 2025 17:45:00 +0000

Type	Values Removed	Values Added
Title		OleumTech WIO Family Improper Input Validation
References		http://support.oleumtech.com/ https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a
Metrics	cvssV2_0 `{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P'}`	cvssV2_0 `{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2014-07-24T14:00:00

Updated: 2025-10-06T17:29:09.954Z

Reserved: 2014-03-13T00:00:00

Link: CVE-2014-2360

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-07-24T14:55:07.143

Modified: 2025-10-06T18:15:47.220

Link: CVE-2014-2360

Redhat

No data.

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "WIO DH2 Wireless Gateway", "vendor": "OleumTech", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "unaffected", "product": "Sensor Wireless I/O Modules", "vendor": "OleumTech", "versions": [{"status": "affected", "version": "All versions"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Lucas Apa and Carlos Mario Penagos Hollman of IOActive"}], "datePublic": "2014-07-21T06:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.</p>"}], "value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage."}], "metrics": [{"cvssV2_0": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-10-06T17:29:09.954Z"}, "references": [{"name": "68797", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/68797"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a"}, {"url": "http://support.oleumtech.com/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "OleumTech has created updates for both BreeZ and the gateway to mitigate\n all these vulnerabilities. These updates allow users to encrypt their \nwireless traffic with AES256. To obtain these updates, please log in to \nthe OleumTech download center (<a target=\"_blank\" rel=\"nofollow\" href=\"http://support.oleumtech.com/\">http://support.oleumtech.com/</a> ) or contact OleumTech tech support:<p>Phone: 866-508-8586</p>\n<p>Email: <a target=\"_blank\" rel=\"nofollow\">[email protected]</a></p>"}], "value": "OleumTech has created updates for both BreeZ and the gateway to mitigate\n all these vulnerabilities. These updates allow users to encrypt their \nwireless traffic with AES256. To obtain these updates, please log in to \nthe OleumTech download center ( http://support.oleumtech.com/ \u00a0) or contact OleumTech tech support:Phone: 866-508-8586\n\n\nEmail: [email protected]"}], "source": {"advisory": "ICSA-14-202-01", "discovery": "EXTERNAL"}, "title": "OleumTech WIO Family Improper Input Validation", "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2014-2360", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "68797", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68797"}, {"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:14:25.431Z"}, "title": "CVE Program Container", "references": [{"name": "68797", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/68797"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-2360", "datePublished": "2014-07-24T14:00:00", "dateReserved": "2014-03-13T00:00:00", "dateUpdated": "2025-10-06T17:29:09.954Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:oleumtech:sensor_wireless_i\\/o_module:-:*:*:*:*:*:*:*", "matchCriteriaId": "82FA879C-B098-4A44-9036-43854ACBFD50", "vulnerable": true}, {"criteria": "cpe:2.3:h:oleumtech:wio_dh2_wireless_gateway:-:*:*:*:*:*:*:*", "matchCriteriaId": "4055E1A3-F159-4B24-926C-578CE8632331", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage."}, {"lang": "es", "value": "OleumTech WIO DH2 Wireless Gateway y Sensor Wireless I/O Modules permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de paquetes que informan de un voltaje de bater\u00eda alto."}], "id": "CVE-2014-2360", "lastModified": "2025-10-06T18:15:47.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-07-24T14:55:07.143", "references": [{"source": "[email protected]", "url": "http://support.oleumtech.com/"}, {"source": "[email protected]", "url": "http://www.securityfocus.com/bid/68797"}, {"source": "[email protected]", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/68797"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "[email protected]", "type": "Secondary"}]}