{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "VSN240-F", "vendor": "Sensys Networks", "versions": [{"lessThan": "VDS 2.10.1", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThan": "VDS 1.8.8", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThan": "TrafficDOT 2.10.3", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "VSN240-T", "vendor": "Sensys Networks", "versions": [{"lessThan": "VDS 2.10.1", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThan": "VDS 1.8.8", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThan": "TrafficDOT 2.10.3", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Cesar Cerrudo of IOActive"}], "datePublic": "2014-09-04T06:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update.</p>"}], "value": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update."}], "metrics": [{"cvssV2_0": {"accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:P", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-494", "description": "CWE-494", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-10-13T23:00:45.632Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-247-01a"}, {"url": "http://www.sensysnetworks.com/resources-by-category/#sw"}, {"url": "http://www.sensysnetworks.com/distributors/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Sensys Networks has produced updated product versions VDS 2.10.1 and \nTrafficDOT 2.10.3 to remediate vulnerabilities identified in their \nVSN240-F and VSN240-T traffic sensors.<br></p>\n\n<p>Sensys Networks has released software update VDS 1.8.8, for an older \nmodel access point, to remediate traffic sensor vulnerabilities.</p>\n<p>The updated human-machine interface version, TrafficDOT 2.10.3, \nenables encrypted software downloads for sensors and sensor data \nauthentication for access points and access point controller cards using\n updated versions VDS 2.10.1 or VDS 1.8.8.<br></p>\n\n<p>Additional information about Sensys Networks\u2019 software releases can be found at the following location:</p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"http://www.sensysnetworks.com/resources-by-category/#sw\">http://www.sensysnetworks.com/resources-by-category/#sw</a></p><p>Updated\n product versions are available through Sensys Networks\u2019 local \ndistributors. Contact information for their local distributors can be \nfound at the following location:</p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"http://www.sensysnetworks.com/distributors/\">http://www.sensysnetworks.com/distributors/</a></p>\n\n<br>"}], "value": "Sensys Networks has produced updated product versions VDS 2.10.1 and \nTrafficDOT 2.10.3 to remediate vulnerabilities identified in their \nVSN240-F and VSN240-T traffic sensors.\n\n\n\n\nSensys Networks has released software update VDS 1.8.8, for an older \nmodel access point, to remediate traffic sensor vulnerabilities.\n\n\nThe updated human-machine interface version, TrafficDOT 2.10.3, \nenables encrypted software downloads for sensors and sensor data \nauthentication for access points and access point controller cards using\n updated versions VDS 2.10.1 or VDS 1.8.8.\n\n\n\n\nAdditional information about Sensys Networks\u2019 software releases can be found at the following location:\n\n\n http://www.sensysnetworks.com/resources-by-category/#sw \n\nUpdated\n product versions are available through Sensys Networks\u2019 local \ndistributors. Contact information for their local distributors can be \nfound at the following location:\n\n\n http://www.sensysnetworks.com/distributors/"}], "source": {"advisory": "ICSA-14-247-01", "discovery": "EXTERNAL"}, "title": "Sensys Networks Traffic Sensor Download of Code Without Integrity Check", "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-2378", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:14:25.782Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-2378", "datePublished": "2014-09-05T17:00:00", "dateReserved": "2014-03-13T00:00:00", "dateUpdated": "2025-10-13T23:00:45.632Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sensysnetworks:trafficdot:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DDAF38B-AE0B-4DF3-923B-92715D3D10E9", "versionEndIncluding": "2.10.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sensysnetworks:trafficdot:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "9D4CD91C-4002-4A30-B533-14CBF1B045CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sensysnetworks:trafficdot:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C685D52A-A97B-4DB7-AE66-F0FFAAAA5B4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sensysnetworks:trafficdot:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "26D5EDCE-D7EC-45E8-8089-ED120E664E0C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sensysnetworks:vsn240-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBE6EDF8-061E-4390-A09F-8C2D50951C4F", "vulnerable": true}, {"criteria": "cpe:2.3:h:sensysnetworks:vsn240-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "042983FF-7F9D-4A6D-8505-23C2AF8FE7BA", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sensysnetworks:vds:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EACF484-ADB9-491C-A176-5860345A1E02", "versionEndIncluding": "2.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sensysnetworks:vds:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "525BAF30-197B-4EF1-8E2E-358240EDB90B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sensysnetworks:vds:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "ED1A73FC-7A8C-47B0-BD16-7DBF39F28295", "vulnerable": true}, {"criteria": "cpe:2.3:a:sensysnetworks:vds:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "05B792D3-A6EE-46E6-A461-10ADD327B9C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sensysnetworks:vds:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "E008BB72-F728-4293-9BF0-287572688DDE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sensysnetworks:vsn240-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBE6EDF8-061E-4390-A09F-8C2D50951C4F", "vulnerable": true}, {"criteria": "cpe:2.3:h:sensysnetworks:vsn240-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "042983FF-7F9D-4A6D-8505-23C2AF8FE7BA", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update."}, {"lang": "es", "value": "Los sensores VDS Sensys Networks VSN240-F y VSN240-T anterior a 2.10.1 y TrafficDOT anterior a 2.10.3 no verifican la integridad de las actualizaciones descargadas, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una actualizaci\u00f3n caballo de troya."}], "id": "CVE-2014-2378", "lastModified": "2025-10-13T23:15:35.360", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:P", "version": "2.0"}, "exploitabilityScore": 3.2, "impactScore": 9.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:P", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 9.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-09-05T17:55:06.500", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "http://www.sensysnetworks.com/distributors/"}, {"source": "ics-cert@hq.dhs.gov", "url": "http://www.sensysnetworks.com/resources-by-category/#sw"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-247-01a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-494"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}

{}