CVE-2014-2378
CVSS score: 7.6
Vector: AV:A/AC:M/Au:N/C:C/I:C/A:P
Exploitability: 5.5 / Impact: 9.5
Source: NVD
Description
Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update.
Affected (11)
Products: Sensys Networks: TrafficDOT, VDS, VSN240-F, VSN240-T
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| TrafficDOT | Up to 2.10.2 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| VDS | Up to 2.10.0 |
| VSN240-F | All versions |
| VSN240-T | All versions |
Related CWEs
CWE-494
Download of Code Without Integrity Check
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.