Cogent Patches DataHub Holes

Monday, October 10, 2011 @ 04:10 PM gHale


Cogent Real-Time Systems Inc. created a patch that takes care of the multiple vulnerabilities in its DataHub application including denial-of-service, information leakage, and remote code execution.

Cogent patched the following products:
• Cogent DataHub, all Version 7 releases prior to 7.1.2
• OPC DataHub prior to Version 6.4.20
• Cascade DataHub, all Version 6 releases prior to 6.4.20

Cogent is a Georgetown, Ontario, Canada-based company that produces middleware applications used to interface with control systems.


DataHub sees use across several sectors including manufacturing, building automation, chemical, banking and finance, and electric utilities, Cogent officials said. Cogent said the regions that primarily use DataHub are the United States and Great Britain.

In one of the vulnerabilities, a stack unicode overflow can occur when a specially crafted packet goes to Port 4502\Transmission Control Protocol (TCP) or Port 4503\TCP, according to ICS-CERT. This attack only affects Cogent DataHub v7. Successful exploitation could lead to denial-of-service or remote code execution.

The vulnerability is assigned CVE-2011-3493 and has a CVSS v2 base score of 10.0.

In another problem area, a directory traversal vulnerability can occur when a specially crafted request passes to the web server running on Port 80\TCP. Successful exploitation could result in data leakage.

The vulnerability is assigned CVE-2011-3500 and has a CVSS v2 base score of 5.0.

An integer overflow can occur when a specially crafted packet goes to Port 80\TCP. Successful exploitation could lead to denial-of-service.

The vulnerability is assigned CVE-2011-3501 and has a CVSS v2 base score of 5.0.

A source disclosure vulnerability can occur when a specially crafted request goes to the web server running on Port 80\TCP. Successful exploitation could result in data leakage.

This vulnerability is assigned CVE-2011-3502 and has a CVSS v2 base score of 5.0.

These vulnerabilities are remotely exploitable, and attackers have targeted them. An attacker with a low skill level can cause the denial-of-service and data leakage, whereas executing arbitrary code would require a more skilled attacker.

Cogent recommends the following mitigation strategies.
• Turn off Ports 4502\TCP and 4503\TCP if they are not in use. You can do this in the Tunnel/Mirror properties of DataHub.
• If Ports 4502\TCP and 4503\TCP are in use, configure authentication on all TCP connections. Instructions for doing this are:

  1. Remove all permissions for the special user names “TCP” and “Mirror” in the security properties of the DataHub.
  2. Create a group for users who are authorized, and allow “BasicConnectivity” for that group. The DataHub will then refuse all commands from unauthenticated TCP connections, and still allow authenticated users to connect.

• If DataHub Web Server is not in use, turn it off in the Web Server properties.
• If DataHub Web Server is facing the Internet, configure user and password authentication.
• In both cases, if access to DataHub from the Internet is not required, block Ports 4502\TCP, 4503\TCP, 80\TCP, and 943\TCP at your firewall, and only allow connections on these ports from within your local area network.
• Upgrade to Version 7.1.2 of DataHub or Version 6.4.20 of the OPC DataHub or Cascade DataHub if running in an untrusted environment.
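The firewall step above, as an added shell example that is not Cogent's or ICS-CERT's own guidance: it generates iptables rules that allow the four DataHub ports only from the local network. It assumes a Linux host in front of (or running) DataHub with iptables installed, and uses 192.168.1.0/24 as a constructed LAN range.

```shell
#!/usr/bin/env bash
# Added example (not from the advisory): restrict the DataHub ports the advisory
# lists (4502, 4503, 80, 943 TCP) to the local network with iptables.
# Assumption: Linux host with iptables; LAN range is a constructed example value.

DATAHUB_PORTS="4502 4503 80 943"

# Print one iptables command per line for the given LAN CIDR, so the rule set can
# be reviewed before it is applied. Rules are inserted at the top of INPUT (-I):
# the DROP is inserted first and the ACCEPT second, so the ACCEPT ends up above
# the DROP and both sit ahead of any pre-existing broad ACCEPT rule.
datahub_fw_rules() {
  lan_cidr="$1"
  if [ -z "$lan_cidr" ]; then
    echo "usage: datahub_fw_rules <lan-cidr>" >&2
    return 1
  fi
  for p in $DATAHUB_PORTS; do
    # drop every connection to the port that the next rule does not accept
    echo "iptables -I INPUT -p tcp --dport $p -j DROP"
    # accept connections to the port only from the local network range
    echo "iptables -I INPUT -p tcp --dport $p -s $lan_cidr -j ACCEPT"
  done
}

# Number of rules generated (two per port); a quick sanity check before applying.
datahub_fw_rule_count() {
  datahub_fw_rules "$1" | wc -l | tr -d ' '
}

# Review first, then apply as root:
#   datahub_fw_rules 192.168.1.0/24             # review the rules
#   datahub_fw_rules 192.168.1.0/24 | sudo sh   # apply them
```

Hosts that legitimately need DataHub from outside the LAN (a remote tunnel/mirror peer, for example) should be added as further ACCEPT rules above the DROP, rather than by widening the CIDR.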


