Cogent DataHub < 7.3.5 Multiple Vulnerabilities

high Nessus Plugin ID 76147

Synopsis

The remote host is running an application that is affected by multiple vulnerabilities.

Description

The remote host is running a version of Cogent DataHub, formerly known as Cascade DataHub and OFC DataHub, that is prior to 7.3.5. It is, therefore, affected by the following vulnerabilities :

- A directory traversal vulnerability exists due improper validation of user-supplied input to the directory specifier. A remote attacker can exploit this to access hard-coded files. (CVE-2014-2352)

- A cross-site scripting vulnerability exists due to improper validation of user-supplied input. An attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2014-2353)

- An overflow condition exists in the web server due to improper validation of user-supplied input when handling a negative content-length field. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2014-3788)

- A command injection vulnerability exists in the 'GetPermissions.asp' active server page in the EvalExpresssion method due to improper sanitization of user-supplied input. A remote attacker can exploit this to execute arbitrary commands in the context of the DataHub process. (CVE-2014-3789)

- Multiple vulnerabilities exist related to the bundled OpenSSL 1.0.0d library.

Solution

Upgrade to Cogent DataHub version 7.3.5 or later.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-14-135/

https://www.zerodayinitiative.com/advisories/ZDI-14-136/

Plugin Details

Severity: High

ID: 76147

File Name: scada_cogent_datahub_7_3_5.nbin

Version: 1.72

Type: remote

Family: SCADA

Published: 6/19/2014

Updated: 5/20/2024

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:cogentdatahub:cogent_datahub

Required KB Items: Settings/ParanoidReport, SCADA/cogent_datahub

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/29/2014

Vulnerability Publication Date: 5/19/2014

Exploitable With

Metasploit (Cogent DataHub Command Injection)

Reference Information

CVE: CVE-2014-2352, CVE-2014-2353, CVE-2014-3788, CVE-2014-3789

BID: 67485, 67486, 67770, 67772

ICSA: 14-149-02, 14-198-01

ZDI: ZDI-14-135, ZDI-14-136