Cogent DataHub < 7.3.5 Multiple Vulnerabilities

High Nessus Plugin ID 76147


The remote host is running an application that is affected by multiple vulnerabilities.


The remote host is running a version of Cogent DataHub, formerly known as Cascade DataHub and OFC DataHub, that is prior to 7.3.5. It is, therefore, affected by the following vulnerabilities :

- A directory traversal vulnerability exists due improper validation of user-supplied input to the directory specifier. A remote attacker can exploit this to access hard-coded files. (CVE-2014-2352)

- A cross-site scripting vulnerability exists due to improper validation of user-supplied input. An attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2014-2353)

- An overflow condition exists in the web server due to improper validation of user-supplied input when handling a negative content-length field. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2014-3788)

- A command injection vulnerability exists in the 'GetPermissions.asp' active server page in the EvalExpresssion method due to improper sanitization of user-supplied input. A remote attacker can exploit this to execute arbitrary commands in the context of the DataHub process. (CVE-2014-3789)

- Multiple vulnerabilities exist related to the bundled OpenSSL 1.0.0d library.


Upgrade to Cogent DataHub version 7.3.5 or later.

See Also

Plugin Details

Severity: High

ID: 76147

File Name: scada_cogent_datahub_7_3_5.nbin

Version: $Revision: 1.23 $

Type: remote

Family: SCADA

Published: 2014/06/19

Modified: 2018/01/29

Dependencies: 70556

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:cogentdatahub:cogent_datahub

Required KB Items: Settings/ParanoidReport, SCADA/cogent_datahub

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/04/29

Vulnerability Publication Date: 2014/05/19

Exploitable With

Metasploit (Cogent DataHub Command Injection)

Reference Information

CVE: CVE-2014-2352, CVE-2014-2353, CVE-2014-3788, CVE-2014-3789

BID: 67485, 67486, 67770, 67772

OSVDB: 107096, 107097, 107579, 107580

ICSA: 14-149-02, 14-198-01

EDB-ID: 33880

ZDI: ZDI-14-135, ZDI-14-136