CVE-2014-2379 - Vulnerability Details - OpenCVE

Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sensysnetworks	Trafficdot Vds Vsn240-f Vsn240-t

Configuration 1 [-]

AND

OR	cpe:2.3:a:sensysnetworks:trafficdot::::::::
	cpe:2.3:a:sensysnetworks:trafficdot:2.8.3:::::::*
	cpe:2.3:a:sensysnetworks:trafficdot:2.10.0:::::::*
	cpe:2.3:a:sensysnetworks:trafficdot:2.10.1:::::::*

OR	cpe:2.3:h:sensysnetworks:vsn240-f:-:::::::*
	cpe:2.3:h:sensysnetworks:vsn240-t:-:::::::*

Configuration 2 [-]

AND

OR	cpe:2.3:a:sensysnetworks:vds::::::::
	cpe:2.3:a:sensysnetworks:vds:1.8.5:::::::*
	cpe:2.3:a:sensysnetworks:vds:1.8.7:::::::*
	cpe:2.3:a:sensysnetworks:vds:2.6.3:::::::*
	cpe:2.3:a:sensysnetworks:vds:2.6.4:::::::*

OR	cpe:2.3:h:sensysnetworks:vsn240-f:-:::::::*
	cpe:2.3:h:sensysnetworks:vsn240-t:-:::::::*

No data.

References

Link	Providers
http://www.sensysnetworks.com/distributors/
http://www.sensysnetworks.com/resources-by-category/#sw
https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01
https://www.cisa.gov/news-events/ics-advisories/icsa-14-247-01a

History

Mon, 13 Oct 2025 23:15:00 +0000

Type	Values Removed	Values Added
Title		Sensys Networks Traffic Sensor Missing Encryption of Sensitive Data
Weaknesses		CWE-311
References		http://www.sensysnetworks.com/distributors/ http://www.sensysnetworks.com/resources-by-category/#sw https://www.cisa.gov/news-events/ics-advisories/icsa-14-247-01a
Metrics	cvssV2_0 `{'score': 5.4, 'vector': 'AV:A/AC:M/Au:N/C:P/I:P/A:P'}`	cvssV2_0 `{'score': 4.3, 'vector': 'AV:A/AC:H/Au:N/C:P/I:P/A:P'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2014-09-05T17:00:00

Updated: 2025-10-13T23:02:57.689Z

Reserved: 2014-03-13T00:00:00

Link: CVE-2014-2379

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-09-05T17:55:06.547

Modified: 2025-10-13T23:15:35.540

Link: CVE-2014-2379

Redhat

No data.

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "VSN240-F", "vendor": "Sensys Networks", "versions": [{"lessThan": "VDS 2.10.1", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThan": "VDS 1.8.8", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThan": "TrafficDOT 2.10.3", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "VSN240-T", "vendor": "Sensys Networks", "versions": [{"lessThan": "VDS 2.10.1", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThan": "VDS 1.8.8", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThan": "TrafficDOT 2.10.3", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Cesar Cerrudo of IOActive"}], "datePublic": "2014-09-04T06:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network."}], "value": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network."}], "metrics": [{"cvssV2_0": {"accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-311", "description": "CWE-311", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-10-13T23:02:57.689Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-247-01a"}, {"url": "http://www.sensysnetworks.com/resources-by-category/#sw"}, {"url": "http://www.sensysnetworks.com/distributors/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Sensys Networks has produced updated product versions VDS 2.10.1 and \nTrafficDOT 2.10.3 to remediate vulnerabilities identified in their \nVSN240-F and VSN240-T traffic sensors.<br></p>\n\n<p>Sensys Networks has released software update VDS 1.8.8, for an older \nmodel access point, to remediate traffic sensor vulnerabilities.</p>\n<p>The updated human-machine interface version, TrafficDOT 2.10.3, \nenables encrypted software downloads for sensors and sensor data \nauthentication for access points and access point controller cards using\n updated versions VDS 2.10.1 or VDS 1.8.8.<br></p>\n\n<p>Additional information about Sensys Networks\u2019 software releases can be found at the following location:</p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"http://www.sensysnetworks.com/resources-by-category/#sw\">http://www.sensysnetworks.com/resources-by-category/#sw</a></p><p>Updated\n product versions are available through Sensys Networks\u2019 local \ndistributors. Contact information for their local distributors can be \nfound at the following location:</p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"http://www.sensysnetworks.com/distributors/\">http://www.sensysnetworks.com/distributors/</a></p>\n\n<br>"}], "value": "Sensys Networks has produced updated product versions VDS 2.10.1 and \nTrafficDOT 2.10.3 to remediate vulnerabilities identified in their \nVSN240-F and VSN240-T traffic sensors.\n\n\n\n\nSensys Networks has released software update VDS 1.8.8, for an older \nmodel access point, to remediate traffic sensor vulnerabilities.\n\n\nThe updated human-machine interface version, TrafficDOT 2.10.3, \nenables encrypted software downloads for sensors and sensor data \nauthentication for access points and access point controller cards using\n updated versions VDS 2.10.1 or VDS 1.8.8.\n\n\n\n\nAdditional information about Sensys Networks\u2019 software releases can be found at the following location:\n\n\n http://www.sensysnetworks.com/resources-by-category/#sw \n\nUpdated\n product versions are available through Sensys Networks\u2019 local \ndistributors. Contact information for their local distributors can be \nfound at the following location:\n\n\n http://www.sensysnetworks.com/distributors/"}], "source": {"advisory": "ICSA-14-247-01", "discovery": "EXTERNAL"}, "title": "Sensys Networks Traffic Sensor Missing Encryption of Sensitive Data", "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2014-2378", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:14:25.982Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-2379", "datePublished": "2014-09-05T17:00:00", "dateReserved": "2014-03-13T00:00:00", "dateUpdated": "2025-10-13T23:02:57.689Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sensysnetworks:trafficdot:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DDAF38B-AE0B-4DF3-923B-92715D3D10E9", "versionEndIncluding": "2.10.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sensysnetworks:trafficdot:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "9D4CD91C-4002-4A30-B533-14CBF1B045CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sensysnetworks:trafficdot:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C685D52A-A97B-4DB7-AE66-F0FFAAAA5B4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sensysnetworks:trafficdot:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "26D5EDCE-D7EC-45E8-8089-ED120E664E0C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sensysnetworks:vsn240-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBE6EDF8-061E-4390-A09F-8C2D50951C4F", "vulnerable": true}, {"criteria": "cpe:2.3:h:sensysnetworks:vsn240-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "042983FF-7F9D-4A6D-8505-23C2AF8FE7BA", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sensysnetworks:vds:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EACF484-ADB9-491C-A176-5860345A1E02", "versionEndIncluding": "2.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sensysnetworks:vds:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "525BAF30-197B-4EF1-8E2E-358240EDB90B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sensysnetworks:vds:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "ED1A73FC-7A8C-47B0-BD16-7DBF39F28295", "vulnerable": true}, {"criteria": "cpe:2.3:a:sensysnetworks:vds:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "05B792D3-A6EE-46E6-A461-10ADD327B9C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sensysnetworks:vds:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "E008BB72-F728-4293-9BF0-287572688DDE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sensysnetworks:vsn240-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBE6EDF8-061E-4390-A09F-8C2D50951C4F", "vulnerable": true}, {"criteria": "cpe:2.3:h:sensysnetworks:vsn240-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "042983FF-7F9D-4A6D-8505-23C2AF8FE7BA", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network."}, {"lang": "es", "value": "Los sensores VDS Sensys Networks VSN240-F y VSN240-T anterior a 2.10.1 y TrafficDOT anterior a 2.10.3 no utilizan codificaci\u00f3n, lo que permite a atacantes remotos interferir con los controles de trafico mediante la reproducci\u00f3n de transmisiones en una red inal\u00e1mbrica."}], "id": "CVE-2014-2379", "lastModified": "2025-10-13T23:15:35.540", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.2, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-09-05T17:55:06.547", "references": [{"source": "[email protected]", "url": "http://www.sensysnetworks.com/distributors/"}, {"source": "[email protected]", "url": "http://www.sensysnetworks.com/resources-by-category/#sw"}, {"source": "[email protected]", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-247-01a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-311"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-310"}], "source": "[email protected]", "type": "Secondary"}]}