CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.047 Low
Percentile: 92.7%
This Advisory is a follow-up to the Alert, “ICS-ALERT-11-256-03—COGENT DATAHUB VULNERABILITIES,” that was published September 13, 2011, on the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) web page.
ICS-CERT is aware of a public report of multiple vulnerabilities in Cogent’s DataHub application. These vulnerabilities include denial-of-service, information leakage, and remote code execution. Cogent has produced a patch that resolves these vulnerabilities in DataHub.
According to Cogent, the following products are affected:
Successful exploitation of this vulnerability could result in denial-of-service, data leakage, or remote code execution.
Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their environment, architecture, and product implementation.
Cogent Real-Time Systems Inc. is a Canadian-based company that produces middleware applications that are used to interface with control systems.
According to Cogent, DataHub is deployed across several sectors including manufacturing, building automation, chemical, banking and finance, electric utilities, and others. Cogent estimates these products are used primarily in the United States and Great Britain.
A Stack Unicode Overflow can occur when a specially crafted packet is sent to Port 4502/Transmission Control Protocol (TCP) or Port 4503/TCP. This attack only affects Cogent DataHub v7. Successful exploitation could lead to denial-of-service or remote code execution.
CVE-2011-3493 has been assigned to this vulnerability. A CVSS v2 base score of 10.0 has also been assigned.
A directory traversal vulnerability can occur when a specially crafted request is passed to the web server running on Port 80/TCP. Successful exploitation could result in data leakage.
CVE-2011-3500 has been assigned to this vulnerability. A CVSS v2 base score of 5.0 has also been assigned.
An Integer Overflow can occur when a specially crafted packet is sent to Port 80/TCP. Successful exploitation could lead to denial-of-service.
CVE-2011-3501 has been assigned to this vulnerability.
A CVSS v2 base score of 5.0 has also been assigned.
A Source Disclosure vulnerability can occur when a specially crafted request is passed to the web server running on Port 80/TCP. Successful exploitation could result in data leakage.
CVE-2011-3502 has been assigned to this vulnerability. A CVSS v2 base score of 5.0 has also been assigned.
These vulnerabilities are remotely exploitable.
Public exploit(s) are known to target these vulnerabilities.
An attacker with a low skill level can cause the denial-of-service and data leakage, whereas it would require a more skilled attacker to execute arbitrary code.
Cogent recommends the following mitigation strategies.
ICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.
The Control Systems Security Program (CSSP) also provides a section for control system security recommended practices on the CSSP web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3493
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3500
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3501
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3502