CVE-2014-2378

Sensys Networks VSN240-F/VSN240-T <2.10.1/2.10.3 - RCE

Title source: llm

Description

Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update.

References (4)

[Various Sources] http://www.sensysnetworks.com/distributors/

[US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-14-247-01

[Various Sources] http://www.sensysnetworks.com/resources-by-category/#sw

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-14-247-01a

Scores

EPSS 0.0019

EPSS Percentile 40.4%

Details

CWE

CWE-494 CWE-94

Status published

Products (17)

Sensys Networks/VSN240-F < TrafficDOT 2.10.3

Sensys Networks/VSN240-F < VDS 1.8.8

Sensys Networks/VSN240-F < VDS 2.10.1

Sensys Networks/VSN240-T < TrafficDOT 2.10.3

Sensys Networks/VSN240-T < VDS 1.8.8

Sensys Networks/VSN240-T < VDS 2.10.1

sensysnetworks/trafficdot 2.8.3

sensysnetworks/trafficdot 2.10.0

sensysnetworks/trafficdot 2.10.1

sensysnetworks/trafficdot < 2.10.2

... and 7 more

Published Sep 05, 2014

Tracked Since Feb 18, 2026