CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile: 91.4%
Dillon Beresford of Cimation has identified four vulnerabilities in the Cogent Real-Time Systems DataHub application. Cogent has produced an update that mitigates these vulnerabilities. These vulnerabilities could be exploited remotely.
Cogent Real-Time Systems reports that these vulnerabilities affect the following versions:
Successful exploitation of these vulnerabilities will cause the affected programs to terminate, causing a denial of service (DoS). Other exploitations of these vulnerabilities may also allow an attacker to alter the program stack or allow the attacker to execute arbitrary code in the context of the applications.
Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation.
Cogent Real-Time Systems, Inc. is a Canadian-based company that produces middleware applications that are used to interface with control systems.
Cogent's products are deployed across several sectors including manufacturing, building automation, chemical, banking and finance, electric utilities, and others. These products are used worldwide, primarily in the United States and Great Britain.
The DataHub application accepts formatted text commands via a TCP connection on Ports 4502/TCP and 4503/TCP. These commands are parsed, validated, and executed within the application. The parser contains an error where malformed input will cause the parser to perform a reference through a NULL pointer, causing the application to crash.
CVE-2013-0681 has been assigned to this vulnerability. A CVSS v2 base score of 7.8 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:N/I:N/A:C).
The DataHub application contains a built-in Web server that will accept HTTP requests via Ports 80/TCP and 443/TCP. An attacker could send an HTTP request with an unusually long header parameter, causing a stack buffer overflow within the Web server. Typically, this will lead to an application crash, causing a DoS. In theory, a carefully constructed header could be used to overwrite the stack in a predictable way, leading to arbitrary code execution.
CVE-2013-0680 has been assigned to this vulnerability. A CVSS v2 base score of 8.5 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:N/I:P/A:C).
The DataSim and DataPid programs connect to the DataHub via a TCP connection. Information and commands are exchanged via formatted text messages over this connection. If the user connects DataSim or DataPid to a server other than the DataHub, and this server is designed to generate random or malformed messages, then DataSim and DataPid could crash.
In order to exploit this scenario, an attacker would need to induce the user to connect DataSim and DataPid to a server other than the DataHub. The simple act of inducing this connection would mean that the data produced by DataPid and DataSim would not be connected to the production system and no data would be delivered to the DataHub. Subsequently, causing DataSim and DataPid to crash would produce no further negative effect on the system.
DataSim and DataPid are not used in production systems and do not pose a risk.
CVE-2013-0683 has been assigned to this vulnerability. A CVSS v2 base score of 7.1 has been assigned; the CVSS vector string is (AV:N/AC:M/Au:N/C:N/I:N/A:C).
The DataHub application accepts formatted text commands via a TCP connection. These commands are parsed, validated, and executed within the application. When the parser is sent random data, it may access memory beyond the end of an allocated heap buffer, causing a crash. It may also access memory beyond the end of a stack buffer, providing an opportunity for a carefully crafted message to modify the stack to allow code execution.
CVE-2013-0682 has been assigned to this vulnerability. A CVSS v2 base score of 8.5 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:N/I:P/A:C).
These vulnerabilities could be exploited remotely.
No known public exploits specifically target these vulnerabilities.
An attacker with low skill would be able to exploit these vulnerabilities. It would require a more skilled attacker to execute arbitrary code.
Cogent recommends the following mitigation strategies:
ICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.
ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT Web page. Several recommended practices are available for reading and download, including _Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies_. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.
Additional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B, Targeted Cyber Intrusion Detection and Mitigation Strategies.