Cogent Fixes 3 DataHub Vulnerabilities

Friday, May 30, 2014 @ 06:05 PM gHale


Cogent Real-Time Systems created a new version that mitigates three of four vulnerabilities in its DataHub application. In addition, they recommended a mitigation for the unresolved vulnerability, according to a report on ICS-CERT.

Independent researcher Alain Homewood, who found the issue, tested the new version to validate that it resolves three of the four remotely exploitable vulnerabilities.


DataHub versions prior to 7.3.5 suffer from the issues.

Successful exploitation of these vulnerabilities could allow an attacker to: execute arbitrary code in a user’s browser session; traverse directories to access a limited number of hard-coded files and cause a denial-of-service condition; expose weakly encrypted stored usernames and passwords via brute force attacks; and exploit known vulnerabilities in a third-party component, OpenSSL Version 1.0.0d.

Cogent Real-Time Systems, Inc. is a Canadian-based company that produces middleware applications used to interface with control systems.

Cogent’s products see action across several sectors including chemical, commercial facilities, critical manufacturing, energy, financial services, and others. These products see use worldwide, primarily in the United States and Great Britain.

The Cogent DataHub does not perform adequate input sanitization, thereby becoming vulnerable to a reflected cross-site scripting attack. By sending invalid input through the web interface, an attacker can execute arbitrary HTML and script code in a user’s browser session.
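The reflected cross-site scripting condition described above, shown as an added example that is not DataHub's code (the handler, page layout and query parameter are constructed assumptions): a handler that reflects a client-supplied value straight into HTML, the same handler with HTML output encoding applied, and a regression check a defender can keep in a test suite to confirm that markup is never reflected unescaped.

```python
import html

# Constructed sample of a client-supplied value (for instance a search term
# arriving in a query string). The real DataHub parameter names are not on the page.
PROBE = "<b>probe</b>"  # benign markup used only to detect raw reflection


def render_vulnerable(query: str) -> str:
    """Echoes the untrusted value straight into the page: reflected XSS.
    Whatever markup the client sent is interpreted by the browser."""
    return f"<html><body><p>Results for: {query}</p></body></html>"


def render_hardened(query: str) -> str:
    """Output encoding for the HTML text context: '<', '>', '&' and quotes are
    escaped before insertion, so the browser renders the value as text."""
    safe = html.escape(query, quote=True)
    return f"<html><body><p>Results for: {safe}</p></body></html>"


def reflects_unescaped(page: str, probe: str) -> bool:
    """Defender-side regression check: True if the probe markup appears in the
    response verbatim, i.e. the handler reflected it without encoding."""
    return probe in page


if __name__ == "__main__":
    print("vulnerable reflects raw markup:", reflects_unescaped(render_vulnerable(PROBE), PROBE))
    print("hardened reflects raw markup:  ", reflects_unescaped(render_hardened(PROBE), PROBE))
```

Escaping at output time, in the context where the value lands, is the fix the advisory's "input sanitization" wording points at; validating input alone does not help when the same value must later be placed into HTML.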

CVE-2014-72038 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.1.

The directory specifier can include designators that can traverse the directory path. Exploiting this vulnerability may enable an attacker to access a limited number of hard-coded file types. Further exploitation of this vulnerability may allow an attacker to cause the web server component to enter a denial-of-service condition.
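The kind of check a web server component needs against traversal designators, as an added example that is not DataHub's code (the web root, the allowlist of file types and the sample requests are constructed assumptions): the requested path is percent-decoded once, split into segments, refused if any segment is "..", anchored under the web root, and finally restricted to an allowlist of file types, which is the narrower version of the "limited number of hard-coded file types" the advisory mentions.

```python
import posixpath
import urllib.parse
from typing import Optional

# Constructed allowlist: the page says only a limited set of hard-coded file
# types was reachable; the real DataHub list is not on the page.
ALLOWED_SUFFIXES = (".html", ".css", ".js", ".png")


def resolve_web_path(web_root: str, requested: str) -> Optional[str]:
    """Map a URL path onto a file under web_root.

    Returns the resolved filesystem path, or None when the request must be
    refused: a traversal designator (".."), an encoded form of it, a NUL byte,
    a backslash separator, escape from the root, or a disallowed file type.
    """
    # Decode percent-encoding exactly once: ".." may arrive as "%2e%2e".
    # Double-encoded input ("%252e") decodes to the literal "%2e", which is
    # then just a filename character and never becomes ".." below.
    decoded = urllib.parse.unquote(requested)

    # NUL can truncate the path in C string APIs; backslash is a separator on Windows.
    if "\x00" in decoded or "\\" in decoded:
        return None

    # Split into segments, dropping empty ("//") and current-directory (".") entries.
    segments = [s for s in decoded.split("/") if s not in ("", ".")]
    if not segments or any(s == ".." for s in segments):
        return None  # empty request, or an explicit traversal designator

    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, *segments))

    # Second, independent check: the result must still lie under the root.
    if posixpath.commonpath([root, candidate]) != root:
        return None

    if not candidate.lower().endswith(ALLOWED_SUFFIXES):
        return None
    return candidate


if __name__ == "__main__":
    root = "/srv/datahub/www"  # constructed web root
    for req in ("/css/site.css", "/../../etc/passwd", "/%2e%2e/%2e%2e/etc/passwd", "/config.xml"):
        print(f"{req!r:35} -> {resolve_web_path(root, req)}")
```

Rejecting ".." explicitly, rather than only normalizing it away, also gives the server a concrete event to log: a request carrying a traversal designator is something an operator wants to see.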

CVE-2014-59156 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.8.

The Cogent DataHub stores usernames and passwords in an unsalted form, lowering each hash’s level of uniqueness and making them more susceptible to brute force attacks. An attacker must have administrative privileges and read access to the password database to access hashed usernames and passwords. This vulnerability is not remotely exploitable.

CVE-2014-32537 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 6.0.

The Cogent DataHub uses a third-party component, OpenSSL Version 1.0.0d, known to contain over 19 documented vulnerabilities. The documented vulnerabilities have CVSS v2 base scores ranging from 2.6 to 7.5.

The username and password vulnerability is not remotely exploitable. The other three vulnerabilities are remotely exploitable.

Exploits that target the third-party component, OpenSSL Version 1.0.0d, are in the public domain. No known public exploits specifically target the other three vulnerabilities.

An attacker with a low to moderate skill would be able to exploit these vulnerabilities.

Cogent Real-Time Systems, Inc. has produced a new version of the Cogent DataHub application, Version 7.3.5, that fixes three of the four identified vulnerabilities.

Cogent said it will not be fixing the cryptographic weaknesses of hashed usernames and passwords because of compatibility issues with existing systems. Cogent and the researcher agree an effective mitigation strategy for users is to select sufficiently strong passwords. Cogent said password hashes can be checked for strength using sites such as crackstation.net.
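Why the unsalted storage described earlier lowers "each hash's level of uniqueness", and what the recommended mitigation (strong passwords, checked against a wordlist) actually buys, as an added example that is not DataHub's code: the user records, the hash algorithm (SHA-256 standing in for whatever DataHub uses, which the page does not state) and the wordlist are all constructed. The block shows that two users with the same password get the same unsalted digest, that one lookup table built from a wordlist covers every stored hash at once, and that a per-user random salt with a slow KDF removes both properties. The audit function is the defender-side version of the strength check the advisory recommends.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Set, Tuple

# Constructed sample accounts. The page does not give DataHub's real hash format.
USERS = {
    "alice": "Winter2014",
    "bob": "Winter2014",
    "carol": "copper-kettle-orbit-47-lantern",
}

# Constructed mini wordlist, standing in for the lists behind services such as crackstation.net.
WORDLIST = ["password", "123456", "Winter2014", "datahub"]


def unsalted_hash(password: str) -> str:
    """What the advisory describes: the digest depends on the password alone,
    so equal passwords produce equal digests for every user on every install."""
    return hashlib.sha256(password.encode()).hexdigest()


# What an administrator with read access to the password database would hold.
STORED_UNSALTED: Dict[str, str] = {name: unsalted_hash(pw) for name, pw in USERS.items()}


def shared_digest_users(stored: Dict[str, str]) -> Set[str]:
    """Users whose digest equals another user's: cracking one cracks all of them."""
    by_digest: Dict[str, Set[str]] = {}
    for name, digest in stored.items():
        by_digest.setdefault(digest, set()).add(name)
    return {n for group in by_digest.values() if len(group) > 1 for n in group}


def audit_weak_passwords(stored: Dict[str, str], wordlist: Iterable[str]) -> Set[str]:
    """Strength audit run by the database owner (the mitigation the page recommends):
    one digest per wordlist entry, computed once, is compared against every stored
    unsalted hash. Without salt the table never has to be rebuilt per user."""
    table = {unsalted_hash(w) for w in wordlist}
    return {name for name, digest in stored.items() if digest in table}


def salted_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, str]:
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256). The salt is
    stored beside the digest and is not secret; it only has to be unique."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest.hex()


def verify_salted(password: str, salt: bytes, stored_hex: str) -> bool:
    """Constant-time comparison of the recomputed digest against the stored one."""
    return hmac.compare_digest(salted_hash(password, salt)[1], stored_hex)


if __name__ == "__main__":
    print("users sharing a digest:", sorted(shared_digest_users(STORED_UNSALTED)))
    print("weak by wordlist audit:", sorted(audit_weak_passwords(STORED_UNSALTED, WORDLIST)))
    s1, h1 = salted_hash("Winter2014")
    s2, h2 = salted_hash("Winter2014")
    print("same password, different salts, different digests:", h1 != h2)
```

With salts, an auditor (or an attacker) has to recompute the wordlist per user and per salt, which is the cost the unsalted scheme gives away; the slow KDF then makes each of those recomputations expensive. Until the storage format changes, a strong password is the only thing keeping a stored hash out of any precomputed table, which is why the vendor and researcher settle on that mitigation.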
