Posts Tagged ‘HTTP header injection vulnerability’

Tuesday, January 17, 2012 @ 05:01 PM gHale

Cogent Real-Time Systems Inc. created a patch for multiple vulnerabilities in its DataHub application, including cross-site scripting and an HTTP header injection vulnerability, also known as carriage return line feed (CRLF) injection, according to a report from ICS-CERT.

Kuang-Chun Hung of Security Research and Service Institute — Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported these vulnerabilities to the Japanese Computer Emergency Response Team Coordination Center (JPCERT/CC).

The following products suffer from the vulnerabilities:
• Cogent DataHub Version 7.1.2 and earlier
• OPC DataHub Version 6.4.20 and earlier
• Cascade DataHub Version 6.4.20 and earlier.

Successful exploitation of these vulnerabilities could result in one or more of the following:
• An arbitrary script executed on the user’s web browser
• Forged information may display on the user’s web browser
• An HTTP response splitting attack may occur.

Cogent is a Canadian-based company that produces middleware applications used to interface with control systems. DataHub is used across several sectors including manufacturing, building automation, chemical, banking and finance, electric utilities, and others, the company said. Cogent estimates these products sell the most in the United States and Great Britain.

A cross-site scripting vulnerability exists in the Cogent DataHub application because it lacks server-side validation of query string parameter values. Attacks that exploit these vulnerabilities require a user to visit a specially crafted URL, which injects client-side scripts into the server’s HTTP response to the client. CVE-2012-0309 is the number assigned to this vulnerability. The vulnerability has a CVSS V2 base score of 4.3.

An HTTP header injection vulnerability (also known as carriage return line feed injection) exists in the Cogent DataHub application because the product does not validate, or incorrectly validates, input that can affect the control flow or data flow of a program. CVE-2012-0310 is the number assigned to this vulnerability, which has a CVSS V2 base score of 4. This vulnerability is remotely exploitable but may require social engineering.
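
Both flaws described above come from a decoded query-string value reaching an output context without server-side checks. The Python sketch below is an added example, not code from Cogent or ICS-CERT; it shows the weak handling beside a hardened form that validates for the header context and encodes for the HTML context. The parameter name `lang`, the `Content-Language` header and the sample query strings are constructed assumptions.

```python
import html
from urllib.parse import parse_qs

# Constructed sample query strings (not taken from the advisory).
BENIGN = "lang=en"
SPLIT = "lang=en%0d%0aSet-Cookie:%20injected=1"
SCRIPT = "lang=%3Cscript%3Ealert(1)%3C/script%3E"

def get_param(query, name="lang"):
    """Return one query-string parameter after percent-decoding."""
    return parse_qs(query, keep_blank_values=True).get(name, [""])[0]

def build_response_unsafe(query):
    """Weak form: the decoded value goes into a header and the body as-is."""
    value = get_param(query)
    return (f"HTTP/1.1 200 OK\r\nContent-Language: {value}\r\n"
            f"Content-Type: text/html\r\n\r\n<p>Language: {value}</p>")

def safe_header_value(value):
    """Reject CR, LF and other control characters before header use."""
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        raise ValueError("control character in header value")
    return value

def build_response_safe(query):
    """Hardened form: validate for the header, HTML-encode for the body."""
    value = get_param(query)
    try:
        header = safe_header_value(value)
    except ValueError:
        return "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"
    return (f"HTTP/1.1 200 OK\r\nContent-Language: {header}\r\n"
            f"Content-Type: text/html\r\n\r\n"
            f"<p>Language: {html.escape(value)}</p>")

def header_names(response):
    """Header field names a client would parse from the raw response."""
    head = response.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]

if __name__ == "__main__":
    for q in (BENIGN, SPLIT, SCRIPT):
        print(q, header_names(build_response_unsafe(q)),
              header_names(build_response_safe(q)))
```

Comparing `header_names()` for the two builders shows the extra header field that appears only in the unvalidated response, which is the condition a server-side check or a response-inspecting proxy should flag.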

An attacker with a low to moderate skill level could exploit these vulnerabilities.

Cogent produced a patch for these vulnerabilities that can be obtained by accessing the Cogent website and filling out the required information.
