Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
49 vulnerabilities by cogentdatahub
VAR-201201-0118
Vulnerability from variot - Updated: 2024-02-13 22:52CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a HTTP header injection vulnerability (also known as CRLF, carriage return line feed, injection vulnerability). Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a remote attacker sends a crafted HTTP header to a vulnerable system, forged information may be displayed on the user's web browser or an HTTP response splitting attack may be conducted. The following versions are vulnerable: OPC DataHub Cascade DataHub Cogent DataHub. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
TITLE: Cogent DataHub Cross-Site Scripting and HTTP Header Injection Vulnerabilities
SECUNIA ADVISORY ID: SA47496
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47496/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47496
RELEASE DATE: 2012-01-11
DISCUSS ADVISORY: http://secunia.com/advisories/47496/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/47496/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47496
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Two vulnerabilities have been reported in Cogent DataHub, which can be exploited by malicious people to conduct cross-site scripting attacks and HTTP response splitting attacks.
1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Certain unspecified input is not properly sanitised before being used to display HTTP headers. This can be exploited to include arbitrary HTTP headers in a response sent to the user.
SOLUTION: Update to version 7.2.0.
ORIGINAL ADVISORY: JVN: http://jvn.jp/en/jp/JVN63249231/index.html http://jvn.jp/en/jp/JVN12983784/index.html http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000002.html http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000001.html
Cogent: http://www.cogentdatahub.com/ReleaseNotes.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201201-0118",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.1"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.1.63"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.0.2"
},
{
"model": "cascade datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "6.4.20"
},
{
"model": "opc datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "6.4.20"
},
{
"model": "cogent datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.1.2"
},
{
"model": "cascade datahub",
"scope": "lte",
"trust": 0.8,
"vendor": "cogent real time",
"version": "v6.4.20"
},
{
"model": "datahub",
"scope": "lte",
"trust": 0.8,
"vendor": "cogent real time",
"version": "v7.1.2"
},
{
"model": "opc datahub",
"scope": "lte",
"trust": 0.8,
"vendor": "cogent real time",
"version": "v6.4.20"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "real-time systems datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "7.1.2"
},
{
"model": "real-time systems cascade datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "opc datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "6.4.20"
},
{
"model": "cascade datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "6.4.20"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "7.1.2"
},
{
"model": "opc datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "7.1.2"
},
{
"model": "cascade datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "opc datahub",
"scope": "ne",
"trust": 0.3,
"vendor": "cogent",
"version": "7.2"
},
{
"model": "datahub",
"scope": "ne",
"trust": 0.3,
"vendor": "cogent",
"version": "7.2"
},
{
"model": "cascade datahub",
"scope": "ne",
"trust": 0.3,
"vendor": "cogent",
"version": "7.2.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0097"
},
{
"db": "BID",
"id": "51375"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000002"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-159"
},
{
"db": "NVD",
"id": "CVE-2012-0310"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:opc_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.20",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cascade_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.20",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0310"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kuang-Chun Hung of Security Research and Service Institute, ICST",
"sources": [
{
"db": "BID",
"id": "51375"
}
],
"trust": 0.3
},
"cve": "CVE-2012-0310",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2012-000002",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2012-0310",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-0310",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2012-000002",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201201-159",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2012-0310",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-0310"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000002"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-159"
},
{
"db": "NVD",
"id": "CVE-2012-0310"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a HTTP header injection vulnerability (also known as CRLF, carriage return line feed, injection vulnerability). Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a remote attacker sends a crafted HTTP header to a vulnerable system, forged information may be displayed on the user\u0027s web browser or an HTTP response splitting attack may be conducted. \nThe following versions are vulnerable:\nOPC DataHub\nCascade DataHub\nCogent DataHub. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nCogent DataHub Cross-Site Scripting and HTTP Header Injection\nVulnerabilities\n\nSECUNIA ADVISORY ID:\nSA47496\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47496/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47496\n\nRELEASE DATE:\n2012-01-11\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47496/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47496/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47496\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in Cogent DataHub, which can\nbe exploited by malicious people to conduct cross-site scripting\nattacks and HTTP response splitting attacks. \n\n1) Certain unspecified input is not properly sanitised before being\nreturned to the user. This can be exploited to execute arbitrary HTML\nand script code in a user\u0027s browser session in context of an affected\nsite. \n\n2) Certain unspecified input is not properly sanitised before being\nused to display HTTP headers. This can be exploited to include\narbitrary HTTP headers in a response sent to the user. \n\nSOLUTION:\nUpdate to version 7.2.0. \n\nORIGINAL ADVISORY:\nJVN:\nhttp://jvn.jp/en/jp/JVN63249231/index.html\nhttp://jvn.jp/en/jp/JVN12983784/index.html\nhttp://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000002.html\nhttp://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000001.html\n\nCogent:\nhttp://www.cogentdatahub.com/ReleaseNotes.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0310"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000002"
},
{
"db": "CNVD",
"id": "CNVD-2012-0097"
},
{
"db": "BID",
"id": "51375"
},
{
"db": "VULMON",
"id": "CVE-2012-0310"
},
{
"db": "PACKETSTORM",
"id": "108568"
},
{
"db": "PACKETSTORM",
"id": "108571"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2012-000002",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2012-0310",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVN63249231",
"trust": 2.7
},
{
"db": "ICS CERT",
"id": "ICSA-12-016-01",
"trust": 2.2
},
{
"db": "BID",
"id": "51375",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "47496",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "47525",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2012-0097",
"trust": 0.6
},
{
"db": "JVN",
"id": "JVN#63249231",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201201-159",
"trust": 0.6
},
{
"db": "JVN",
"id": "JVN12983784",
"trust": 0.2
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000001",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2012-0310",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "108568",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "108571",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0097"
},
{
"db": "VULMON",
"id": "CVE-2012-0310"
},
{
"db": "BID",
"id": "51375"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000002"
},
{
"db": "PACKETSTORM",
"id": "108568"
},
{
"db": "PACKETSTORM",
"id": "108571"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-159"
},
{
"db": "NVD",
"id": "CVE-2012-0310"
}
]
},
"id": "VAR-201201-0118",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0097"
}
],
"trust": 1.34354838
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0097"
}
]
},
"last_update_date": "2024-02-13T22:52:43.037000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release Notes",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/releasenotes.html"
},
{
"title": "Download Software",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/download_software.html"
},
{
"title": "Patches for unclear HTTP header injection vulnerabilities in multiple DataHub products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/7311"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0097"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000002"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-000002"
},
{
"db": "NVD",
"id": "CVE-2012-0310"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://jvn.jp/en/jp/jvn63249231/index.html"
},
{
"trust": 2.2,
"url": "http://www.cogentdatahub.com/releasenotes.html"
},
{
"trust": 2.2,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-016-01.pdf"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2012-000002"
},
{
"trust": 1.1,
"url": "http://jvndb.jvn.jp/en/contents/2012/jvndb-2012-000002.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/47496"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/47525"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/51375"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72306"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0310"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0310"
},
{
"trust": 0.3,
"url": "http://www.cogentdatahub.com/products/cogent_datahub.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://jvn.jp/en/jp/jvn12983784/index.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://jvndb.jvn.jp/en/contents/2012/jvndb-2012-000001.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/94.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47496/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47496/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47496"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47525/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47525/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47525"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0097"
},
{
"db": "VULMON",
"id": "CVE-2012-0310"
},
{
"db": "BID",
"id": "51375"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000002"
},
{
"db": "PACKETSTORM",
"id": "108568"
},
{
"db": "PACKETSTORM",
"id": "108571"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-159"
},
{
"db": "NVD",
"id": "CVE-2012-0310"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2012-0097"
},
{
"db": "VULMON",
"id": "CVE-2012-0310"
},
{
"db": "BID",
"id": "51375"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000002"
},
{
"db": "PACKETSTORM",
"id": "108568"
},
{
"db": "PACKETSTORM",
"id": "108571"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-159"
},
{
"db": "NVD",
"id": "CVE-2012-0310"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0097"
},
{
"date": "2012-01-13T00:00:00",
"db": "VULMON",
"id": "CVE-2012-0310"
},
{
"date": "2012-01-11T00:00:00",
"db": "BID",
"id": "51375"
},
{
"date": "2012-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-000002"
},
{
"date": "2012-01-11T06:58:06",
"db": "PACKETSTORM",
"id": "108568"
},
{
"date": "2012-01-11T06:58:15",
"db": "PACKETSTORM",
"id": "108571"
},
{
"date": "2012-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201201-159"
},
{
"date": "2012-01-13T04:14:39.037000",
"db": "NVD",
"id": "CVE-2012-0310"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0097"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULMON",
"id": "CVE-2012-0310"
},
{
"date": "2015-03-19T08:38:00",
"db": "BID",
"id": "51375"
},
{
"date": "2012-01-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-000002"
},
{
"date": "2012-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201201-159"
},
{
"date": "2017-08-29T01:30:54.177000",
"db": "NVD",
"id": "CVE-2012-0310"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201201-159"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cogent DataHub vulnerable to HTTP header injection",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-000002"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201201-159"
}
],
"trust": 0.6
}
}
VAR-201109-0172
Vulnerability from variot - Updated: 2024-02-13 22:39Directory traversal vulnerability in the web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request. Cogent DataHub is software for SCADA and automation. The Cogent DataHub server/service uses a custom web server that listens on port 80. The software does not handle the directory traversal sequence correctly. An attacker can exploit the vulnerability to download files on the server. Cogent DataHub is prone to a directory-traversal vulnerability and an information-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting the issues may allow an attacker to obtain sensitive information that could aid in further attacks. Cogent DataHub 7.1.1.63 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201109-0172",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.1"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.1.63"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.0.2"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 1.5,
"vendor": "cogent",
"version": "7.1.1.63"
},
{
"model": "real-time systems",
"scope": "eq",
"trust": 0.8,
"vendor": "cogent",
"version": "*"
},
{
"model": "datahub",
"scope": "eq",
"trust": 0.8,
"vendor": "cogent",
"version": "7.1.1.63"
},
{
"model": "datahub",
"scope": "lte",
"trust": 0.8,
"vendor": "cogent real time",
"version": "7.1.1.63"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6.0.2"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "7"
},
{
"model": "real-time systems cascade datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6"
},
{
"model": "real-time systems opc datahub",
"scope": "ne",
"trust": 0.3,
"vendor": "cogent",
"version": "6.4.20"
},
{
"model": "real-time systems cogent datahub",
"scope": "ne",
"trust": 0.3,
"vendor": "cogent",
"version": "7.1.2"
},
{
"model": "real-time systems cascade datahub",
"scope": "ne",
"trust": 0.3,
"vendor": "cogent",
"version": "6.4.20"
}
],
"sources": [
{
"db": "IVD",
"id": "845b627e-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a4d2ed7c-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a4b8c2c6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "861a1a24-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3671"
},
{
"db": "CNVD",
"id": "CNVD-2011-3672"
},
{
"db": "BID",
"id": "49610"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002277"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-273"
},
{
"db": "NVD",
"id": "CVE-2011-3500"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3500"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "49610"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-184"
}
],
"trust": 0.9
},
"cve": "CVE-2011-3500",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-3500",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "845b627e-1f88-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "a4d2ed7c-2354-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "a4b8c2c6-2354-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "861a1a24-1f88-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-3500",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201109-273",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "845b627e-1f88-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a4d2ed7c-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a4b8c2c6-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "861a1a24-1f88-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2011-3500",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "845b627e-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a4d2ed7c-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a4b8c2c6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "861a1a24-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2011-3500"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002277"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-273"
},
{
"db": "NVD",
"id": "CVE-2011-3500"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in the web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to read arbitrary files via a ..\\ (dot dot backslash) in an HTTP request. Cogent DataHub is software for SCADA and automation. The Cogent DataHub server/service uses a custom web server that listens on port 80. The software does not handle the directory traversal sequence correctly. An attacker can exploit the vulnerability to download files on the server. Cogent DataHub is prone to a directory-traversal vulnerability and an information-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied input. \nExploiting the issues may allow an attacker to obtain sensitive information that could aid in further attacks. \nCogent DataHub 7.1.1.63 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3500"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002277"
},
{
"db": "CNVD",
"id": "CNVD-2011-3671"
},
{
"db": "CNVD",
"id": "CNVD-2011-3672"
},
{
"db": "BID",
"id": "49610"
},
{
"db": "IVD",
"id": "845b627e-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a4d2ed7c-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a4b8c2c6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "861a1a24-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2011-3500"
}
],
"trust": 3.78
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-3500",
"trust": 3.6
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-256-03",
"trust": 2.5
},
{
"db": "BID",
"id": "49610",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-201109-273",
"trust": 1.4
},
{
"db": "ICS CERT",
"id": "ICSA-11-280-01",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2011-3672",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2011-3671",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002277",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201109-184",
"trust": 0.6
},
{
"db": "IVD",
"id": "845B627E-1F88-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "A4D2ED7C-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "A4B8C2C6-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "861A1A24-1F88-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2011-3500",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "845b627e-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a4d2ed7c-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a4b8c2c6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "861a1a24-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3671"
},
{
"db": "CNVD",
"id": "CNVD-2011-3672"
},
{
"db": "VULMON",
"id": "CVE-2011-3500"
},
{
"db": "BID",
"id": "49610"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002277"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-184"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-273"
},
{
"db": "NVD",
"id": "CVE-2011-3500"
}
]
},
"id": "VAR-201109-0172",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "845b627e-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a4d2ed7c-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a4b8c2c6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "861a1a24-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3671"
},
{
"db": "CNVD",
"id": "CNVD-2011-3672"
}
],
"trust": 2.74354838
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 2.0
}
],
"sources": [
{
"db": "IVD",
"id": "845b627e-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a4d2ed7c-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a4b8c2c6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "861a1a24-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3671"
},
{
"db": "CNVD",
"id": "CNVD-2011-3672"
}
]
},
"last_update_date": "2024-02-13T22:39:10.454000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/jp/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002277"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002277"
},
{
"db": "NVD",
"id": "CVE-2011-3500"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-03.pdf"
},
{
"trust": 2.3,
"url": "http://aluigi.altervista.org/adv/cogent_2-adv.txt"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-280-01.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3500"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3500"
},
{
"trust": 0.6,
"url": "http://aluigi.altervista.org/adv/cogent_4-adv.txt"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/49610"
},
{
"trust": 0.3,
"url": "http://www.cogentdatahub.com/products/cogent_datahub.html"
},
{
"trust": 0.3,
"url": "http://aluigi.org/mytoolz/mydown.zip"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3671"
},
{
"db": "CNVD",
"id": "CNVD-2011-3672"
},
{
"db": "VULMON",
"id": "CVE-2011-3500"
},
{
"db": "BID",
"id": "49610"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002277"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-184"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-273"
},
{
"db": "NVD",
"id": "CVE-2011-3500"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "845b627e-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a4d2ed7c-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a4b8c2c6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "861a1a24-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3671"
},
{
"db": "CNVD",
"id": "CNVD-2011-3672"
},
{
"db": "VULMON",
"id": "CVE-2011-3500"
},
{
"db": "BID",
"id": "49610"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002277"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-184"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-273"
},
{
"db": "NVD",
"id": "CVE-2011-3500"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "IVD",
"id": "845b627e-1f88-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "IVD",
"id": "a4d2ed7c-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "IVD",
"id": "a4b8c2c6-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "IVD",
"id": "861a1a24-1f88-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3671"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3672"
},
{
"date": "2011-09-16T00:00:00",
"db": "VULMON",
"id": "CVE-2011-3500"
},
{
"date": "2011-09-13T00:00:00",
"db": "BID",
"id": "49610"
},
{
"date": "2011-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002277"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-184"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-273"
},
{
"date": "2011-09-16T17:26:14.870000",
"db": "NVD",
"id": "CVE-2011-3500"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3671"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3672"
},
{
"date": "2011-09-19T00:00:00",
"db": "VULMON",
"id": "CVE-2011-3500"
},
{
"date": "2011-10-11T16:20:00",
"db": "BID",
"id": "49610"
},
{
"date": "2012-02-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002277"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-184"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-273"
},
{
"date": "2011-09-19T04:00:00",
"db": "NVD",
"id": "CVE-2011-3500"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-184"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-273"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cogent DataHub Directory Traversal Vulnerability",
"sources": [
{
"db": "IVD",
"id": "a4d2ed7c-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "861a1a24-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3671"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-273"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "845b627e-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a4d2ed7c-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a4b8c2c6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "861a1a24-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-184"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-273"
}
],
"trust": 2.0
}
}
VAR-201405-0535
Vulnerability from variot - Updated: 2023-12-18 14:01GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetPermissions.asp component of the web server. Authentication is not required to exploit this vulnerability.The specific flaw exists within the EvalExpresssion method, which is available remotely through the AJAX facility. Using this method, it is possible to execute arbitrary Gamma code. Cogent DataHub is software for SCADA and automation. Versions prior to Cogent DataHub 7.3.5 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201405-0535",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.9,
"vendor": "cogentdatahub",
"version": "7.3.1"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.9,
"vendor": "cogentdatahub",
"version": "7.3.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.9,
"vendor": "cogentdatahub",
"version": "7.2.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.9,
"vendor": "cogentdatahub",
"version": "7.1.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.9,
"vendor": "cogentdatahub",
"version": "7.1.1.63"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.9,
"vendor": "cogentdatahub",
"version": "7.1.1"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.9,
"vendor": "cogentdatahub",
"version": "7.1.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.9,
"vendor": "cogentdatahub",
"version": "7.0.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.9,
"vendor": "cogentdatahub",
"version": "7.0"
},
{
"model": "datahub",
"scope": null,
"trust": 1.4,
"vendor": "cogent real time",
"version": null
},
{
"model": "cogent datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.3.4"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.3.3"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.3.2"
},
{
"model": "datahub",
"scope": "lt",
"trust": 0.8,
"vendor": "cogent real time",
"version": "7.3.5"
},
{
"model": "real-time systems cogent datahub",
"scope": null,
"trust": 0.6,
"vendor": "cogent",
"version": null
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "7.3.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.1.1.63"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.1.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.2.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.3.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "*"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogentdatahub",
"version": "7.3.8"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogentdatahub",
"version": "7"
},
{
"model": "cogent datahub",
"scope": "ne",
"trust": 0.3,
"vendor": "cogentdatahub",
"version": "7.3.9"
}
],
"sources": [
{
"db": "IVD",
"id": "7d7a6cd1-463f-11e9-b51a-000c29342cb1"
},
{
"db": "IVD",
"id": "f6f85540-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-136"
},
{
"db": "ZDI",
"id": "ZDI-15-438"
},
{
"db": "CNVD",
"id": "CNVD-2014-03106"
},
{
"db": "BID",
"id": "76614"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002621"
},
{
"db": "NVD",
"id": "CVE-2014-3789"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-459"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3789"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "John Leitch",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-136"
},
{
"db": "BID",
"id": "67486"
}
],
"trust": 1.0
},
"cve": "CVE-2014-3789",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-3789",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 2.2,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-03106",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d7a6cd1-463f-11e9-b51a-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "f6f85540-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3789",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2014-3789",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-03106",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201405-459",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d7a6cd1-463f-11e9-b51a-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "f6f85540-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d7a6cd1-463f-11e9-b51a-000c29342cb1"
},
{
"db": "IVD",
"id": "f6f85540-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-136"
},
{
"db": "ZDI",
"id": "ZDI-15-438"
},
{
"db": "CNVD",
"id": "CNVD-2014-03106"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002621"
},
{
"db": "NVD",
"id": "CVE-2014-3789"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-459"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetPermissions.asp component of the web server. Authentication is not required to exploit this vulnerability.The specific flaw exists within the EvalExpresssion method, which is available remotely through the AJAX facility. Using this method, it is possible to execute arbitrary Gamma code. Cogent DataHub is software for SCADA and automation. \nVersions prior to Cogent DataHub 7.3.5 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3789"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002621"
},
{
"db": "ZDI",
"id": "ZDI-14-136"
},
{
"db": "ZDI",
"id": "ZDI-15-438"
},
{
"db": "CNVD",
"id": "CNVD-2014-03106"
},
{
"db": "BID",
"id": "67486"
},
{
"db": "BID",
"id": "76614"
},
{
"db": "IVD",
"id": "7d7a6cd1-463f-11e9-b51a-000c29342cb1"
},
{
"db": "IVD",
"id": "f6f85540-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 4.32
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3789",
"trust": 5.4
},
{
"db": "ZDI",
"id": "ZDI-14-136",
"trust": 4.0
},
{
"db": "BID",
"id": "67486",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-15-246-01",
"trust": 1.3
},
{
"db": "ICS CERT",
"id": "ICSA-14-198-01",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2014-03106",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201405-459",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002621",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2160",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2981",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-15-438",
"trust": 0.7
},
{
"db": "BID",
"id": "76614",
"trust": 0.3
},
{
"db": "IVD",
"id": "7D7A6CD1-463F-11E9-B51A-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "F6F85540-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d7a6cd1-463f-11e9-b51a-000c29342cb1"
},
{
"db": "IVD",
"id": "f6f85540-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-136"
},
{
"db": "ZDI",
"id": "ZDI-15-438"
},
{
"db": "CNVD",
"id": "CNVD-2014-03106"
},
{
"db": "BID",
"id": "67486"
},
{
"db": "BID",
"id": "76614"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002621"
},
{
"db": "NVD",
"id": "CVE-2014-3789"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-459"
}
]
},
"id": "VAR-201405-0535",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d7a6cd1-463f-11e9-b51a-000c29342cb1"
},
{
"db": "IVD",
"id": "f6f85540-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03106"
}
],
"trust": 1.74354838
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d7a6cd1-463f-11e9-b51a-000c29342cb1"
},
{
"db": "IVD",
"id": "f6f85540-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03106"
}
]
},
"last_update_date": "2023-12-18T14:01:58.007000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release Notes",
"trust": 1.5,
"url": "http://cogentdatahub.com/releasenotes.html"
},
{
"title": "Cogent Real-Time Systems has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-246-01"
},
{
"title": "Cogent Real-Time Systems DataHub \u0027GetPermissions.asp\u0027 patch for remote code execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/45728"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-136"
},
{
"db": "ZDI",
"id": "ZDI-15-438"
},
{
"db": "CNVD",
"id": "CNVD-2014-03106"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002621"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002621"
},
{
"db": "NVD",
"id": "CVE-2014-3789"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-14-136/"
},
{
"trust": 2.6,
"url": "http://cogentdatahub.com/releasenotes.html"
},
{
"trust": 2.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-246-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/67486"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3789"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3789"
},
{
"trust": 0.3,
"url": "http://www.cogentdatahub.com/index.html"
},
{
"trust": 0.3,
"url": "http://cogentdatahub.com/index.html"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-136"
},
{
"db": "ZDI",
"id": "ZDI-15-438"
},
{
"db": "CNVD",
"id": "CNVD-2014-03106"
},
{
"db": "BID",
"id": "67486"
},
{
"db": "BID",
"id": "76614"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002621"
},
{
"db": "NVD",
"id": "CVE-2014-3789"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-459"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d7a6cd1-463f-11e9-b51a-000c29342cb1"
},
{
"db": "IVD",
"id": "f6f85540-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-136"
},
{
"db": "ZDI",
"id": "ZDI-15-438"
},
{
"db": "CNVD",
"id": "CNVD-2014-03106"
},
{
"db": "BID",
"id": "67486"
},
{
"db": "BID",
"id": "76614"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002621"
},
{
"db": "NVD",
"id": "CVE-2014-3789"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-459"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-22T00:00:00",
"db": "IVD",
"id": "7d7a6cd1-463f-11e9-b51a-000c29342cb1"
},
{
"date": "2014-05-22T00:00:00",
"db": "IVD",
"id": "f6f85540-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-05-19T00:00:00",
"db": "ZDI",
"id": "ZDI-14-136"
},
{
"date": "2015-09-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-438"
},
{
"date": "2014-05-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03106"
},
{
"date": "2014-05-19T00:00:00",
"db": "BID",
"id": "67486"
},
{
"date": "2015-09-03T00:00:00",
"db": "BID",
"id": "76614"
},
{
"date": "2014-05-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002621"
},
{
"date": "2014-05-22T23:55:03.767000",
"db": "NVD",
"id": "CVE-2014-3789"
},
{
"date": "2014-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-459"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-19T00:00:00",
"db": "ZDI",
"id": "ZDI-14-136"
},
{
"date": "2015-09-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-438"
},
{
"date": "2014-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03106"
},
{
"date": "2015-03-19T09:10:00",
"db": "BID",
"id": "67486"
},
{
"date": "2015-09-03T00:00:00",
"db": "BID",
"id": "76614"
},
{
"date": "2014-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002621"
},
{
"date": "2016-12-08T03:05:41.557000",
"db": "NVD",
"id": "CVE-2014-3789"
},
{
"date": "2014-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-459"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "67486"
},
{
"db": "BID",
"id": "76614"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cogent Real-Time Systems DataHub \u0027GetPermissions.asp\u0027 Remote code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d7a6cd1-463f-11e9-b51a-000c29342cb1"
},
{
"db": "IVD",
"id": "f6f85540-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03106"
},
{
"db": "BID",
"id": "67486"
}
],
"trust": 1.3
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code injection",
"sources": [
{
"db": "IVD",
"id": "7d7a6cd1-463f-11e9-b51a-000c29342cb1"
},
{
"db": "IVD",
"id": "f6f85540-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-459"
}
],
"trust": 1.0
}
}
VAR-201603-0039
Vulnerability from variot - Updated: 2023-12-18 14:01Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file. Cogent Real-Time Systems Cogent DataHub is a real-time data solution from Cogent Real-Time Systems of Canada, which is part of SCADA (Data Acquisition and Monitoring Control System) and automation software. An elevation of privilege vulnerability exists in Cogent Real-Time Systems Cogent DataHub 7.3.9 and earlier. An attacker could exploit the vulnerability to gain elevated privileges. Cogent DataHub 7.3.9 and prior are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0039",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cogent datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.3.9"
},
{
"model": "datahub",
"scope": "lt",
"trust": 0.8,
"vendor": "cogent real time",
"version": "7.3.10"
},
{
"model": "real-time systems cogent datahub",
"scope": "lte",
"trust": 0.6,
"vendor": "cogent",
"version": "\u003c=7.3.9"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "7.3.9"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "7.1.2"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "7.1.1.63"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5b6ae1e2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01894"
},
{
"db": "BID",
"id": "85541"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001917"
},
{
"db": "NVD",
"id": "CVE-2016-2288"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-391"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.9",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2288"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley of Source Incite",
"sources": [
{
"db": "BID",
"id": "85541"
}
],
"trust": 0.3
},
"cve": "CVE-2016-2288",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-2288",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-01894",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "5b6ae1e2-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-2288",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-01894",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-391",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "5b6ae1e2-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5b6ae1e2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01894"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001917"
},
{
"db": "NVD",
"id": "CVE-2016-2288"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-391"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file. Cogent Real-Time Systems Cogent DataHub is a real-time data solution from Cogent Real-Time Systems of Canada, which is part of SCADA (Data Acquisition and Monitoring Control System) and automation software. An elevation of privilege vulnerability exists in Cogent Real-Time Systems Cogent DataHub 7.3.9 and earlier. An attacker could exploit the vulnerability to gain elevated privileges. \nCogent DataHub 7.3.9 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2288"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001917"
},
{
"db": "CNVD",
"id": "CNVD-2016-01894"
},
{
"db": "BID",
"id": "85541"
},
{
"db": "IVD",
"id": "5b6ae1e2-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2288",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-084-01",
"trust": 3.3
},
{
"db": "EXPLOIT-DB",
"id": "39630",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2016-01894",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-391",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001917",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "69678",
"trust": 0.6
},
{
"db": "BID",
"id": "85541",
"trust": 0.3
},
{
"db": "IVD",
"id": "5B6AE1E2-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "5b6ae1e2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01894"
},
{
"db": "BID",
"id": "85541"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001917"
},
{
"db": "NVD",
"id": "CVE-2016-2288"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-391"
}
]
},
"id": "VAR-201603-0039",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5b6ae1e2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01894"
}
],
"trust": 1.54354838
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "5b6ae1e2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01894"
}
]
},
"last_update_date": "2023-12-18T14:01:47.429000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release Notes",
"trust": 0.8,
"url": "http://cogentdatahub.com/releasenotes.html"
},
{
"title": "Patch for Cogent Real-Time Systems Cogent DataHub privilege vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/73299"
},
{
"title": "Cogent Real-Time Systems Cogent DataHub Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60700"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01894"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001917"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-391"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001917"
},
{
"db": "NVD",
"id": "CVE-2016-2288"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-084-01"
},
{
"trust": 1.0,
"url": "https://www.exploit-db.com/exploits/39630/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2288"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2288"
},
{
"trust": 0.6,
"url": "http://www.cogentdatahub.com/releasenotes.html"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/69678"
},
{
"trust": 0.3,
"url": "http://cogentdatahub.com/index.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01894"
},
{
"db": "BID",
"id": "85541"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001917"
},
{
"db": "NVD",
"id": "CVE-2016-2288"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-391"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5b6ae1e2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01894"
},
{
"db": "BID",
"id": "85541"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001917"
},
{
"db": "NVD",
"id": "CVE-2016-2288"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-391"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-28T00:00:00",
"db": "IVD",
"id": "5b6ae1e2-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-03-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01894"
},
{
"date": "2016-03-24T00:00:00",
"db": "BID",
"id": "85541"
},
{
"date": "2016-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001917"
},
{
"date": "2016-03-29T15:59:01.167000",
"db": "NVD",
"id": "CVE-2016-2288"
},
{
"date": "2016-03-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-391"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01894"
},
{
"date": "2016-07-06T14:10:00",
"db": "BID",
"id": "85541"
},
{
"date": "2016-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001917"
},
{
"date": "2017-09-08T01:29:53.873000",
"db": "NVD",
"id": "CVE-2016-2288"
},
{
"date": "2016-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-391"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "85541"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-391"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cogent DataHub Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001917"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-391"
}
],
"trust": 0.6
}
}
VAR-201405-0283
Vulnerability from variot - Updated: 2023-12-18 13:19Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname. Cogent DataHub is software for SCADA and automation. Cogent DataHub is prone to an unspecified directory-traversal vulnerability. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. Cogent DataHub 7.3.5 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201405-0283",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cogent datahub",
"scope": "eq",
"trust": 2.2,
"vendor": "cogentdatahub",
"version": "7.1.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 2.2,
"vendor": "cogentdatahub",
"version": "7.1.1.63"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 2.2,
"vendor": "cogentdatahub",
"version": "7.1.1"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 2.2,
"vendor": "cogentdatahub",
"version": "7.1.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 2.2,
"vendor": "cogentdatahub",
"version": "7.0.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 2.2,
"vendor": "cogentdatahub",
"version": "7.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 2.2,
"vendor": "cogentdatahub",
"version": "7.3.1"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 2.2,
"vendor": "cogentdatahub",
"version": "7.3.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 2.2,
"vendor": "cogentdatahub",
"version": "7.3.3"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.3.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.2.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.2,
"vendor": "cogentdatahub",
"version": "7.3.4"
},
{
"model": "cogent datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.3.4"
},
{
"model": "datahub",
"scope": "lt",
"trust": 0.8,
"vendor": "cogent real time",
"version": "7.3.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.1.1.63"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.1.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.2.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.3.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "*"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogentdatahub",
"version": "7.3.5"
}
],
"sources": [
{
"db": "IVD",
"id": "7d727d91-463f-11e9-a3b5-000c29342cb1"
},
{
"db": "IVD",
"id": "f3b2b308-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03445"
},
{
"db": "BID",
"id": "67772"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002712"
},
{
"db": "NVD",
"id": "CVE-2014-2352"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-582"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2352"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alain Homewood",
"sources": [
{
"db": "BID",
"id": "67772"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2352",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-2352",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-03445",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7d727d91-463f-11e9-a3b5-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "f3b2b308-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2352",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-03445",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201405-582",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d727d91-463f-11e9-a3b5-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "f3b2b308-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d727d91-463f-11e9-a3b5-000c29342cb1"
},
{
"db": "IVD",
"id": "f3b2b308-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03445"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002712"
},
{
"db": "NVD",
"id": "CVE-2014-2352"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-582"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname. Cogent DataHub is software for SCADA and automation. Cogent DataHub is prone to an unspecified directory-traversal vulnerability. \nRemote attackers can use specially crafted requests with directory-traversal sequences (\u0027../\u0027) to retrieve arbitrary files in the context of the application. \nCogent DataHub 7.3.5 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2352"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002712"
},
{
"db": "CNVD",
"id": "CNVD-2014-03445"
},
{
"db": "BID",
"id": "67772"
},
{
"db": "IVD",
"id": "7d727d91-463f-11e9-a3b5-000c29342cb1"
},
{
"db": "IVD",
"id": "f3b2b308-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2352",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-14-149-02",
"trust": 3.3
},
{
"db": "CNVD",
"id": "CNVD-2014-03445",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201405-582",
"trust": 1.0
},
{
"db": "BID",
"id": "67772",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002712",
"trust": 0.8
},
{
"db": "IVD",
"id": "7D727D91-463F-11E9-A3B5-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "F3B2B308-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d727d91-463f-11e9-a3b5-000c29342cb1"
},
{
"db": "IVD",
"id": "f3b2b308-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03445"
},
{
"db": "BID",
"id": "67772"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002712"
},
{
"db": "NVD",
"id": "CVE-2014-2352"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-582"
}
]
},
"id": "VAR-201405-0283",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d727d91-463f-11e9-a3b5-000c29342cb1"
},
{
"db": "IVD",
"id": "f3b2b308-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03445"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d727d91-463f-11e9-a3b5-000c29342cb1"
},
{
"db": "IVD",
"id": "f3b2b308-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03445"
}
]
},
"last_update_date": "2023-12-18T13:19:58.754000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release Notes",
"trust": 0.8,
"url": "http://cogentdatahub.com/releasenotes.html"
},
{
"title": "Cogent Real-Time Systems DataHub Directory Traversal Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/46105"
},
{
"title": "CogentDataHub-7.3.5-140517-Windows",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49994"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03445"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002712"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-582"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002712"
},
{
"db": "NVD",
"id": "CVE-2014-2352"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-149-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2352"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2352"
},
{
"trust": 0.3,
"url": "http://cogentdatahub.com/index.html"
},
{
"trust": 0.3,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-149-02#footnotee_x5ie90t"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03445"
},
{
"db": "BID",
"id": "67772"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002712"
},
{
"db": "NVD",
"id": "CVE-2014-2352"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-582"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d727d91-463f-11e9-a3b5-000c29342cb1"
},
{
"db": "IVD",
"id": "f3b2b308-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03445"
},
{
"db": "BID",
"id": "67772"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002712"
},
{
"db": "NVD",
"id": "CVE-2014-2352"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-582"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-06T00:00:00",
"db": "IVD",
"id": "7d727d91-463f-11e9-a3b5-000c29342cb1"
},
{
"date": "2014-06-06T00:00:00",
"db": "IVD",
"id": "f3b2b308-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03445"
},
{
"date": "2014-05-29T00:00:00",
"db": "BID",
"id": "67772"
},
{
"date": "2014-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002712"
},
{
"date": "2014-05-30T23:55:02.847000",
"db": "NVD",
"id": "CVE-2014-2352"
},
{
"date": "2014-05-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-582"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03445"
},
{
"date": "2015-03-19T08:31:00",
"db": "BID",
"id": "67772"
},
{
"date": "2014-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002712"
},
{
"date": "2014-06-05T12:49:11.810000",
"db": "NVD",
"id": "CVE-2014-2352"
},
{
"date": "2014-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-582"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-582"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cogent Real-Time Systems DataHub Directory Traversal Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d727d91-463f-11e9-a3b5-000c29342cb1"
},
{
"db": "IVD",
"id": "f3b2b308-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03445"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "7d727d91-463f-11e9-a3b5-000c29342cb1"
},
{
"db": "IVD",
"id": "f3b2b308-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-582"
}
],
"trust": 1.0
}
}
VAR-201405-0284
Vulnerability from variot - Updated: 2023-12-18 13:19Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Cogent DataHub is software for SCADA and automation. Cogent DataHub has a reflective cross-site scripting vulnerability that allows an attacker to exploit a vulnerability to build a malicious URI, entice a user to resolve, obtain sensitive cookies, hijack a session, or perform malicious operations on the client. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Cogent DataHub 7.3.5 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201405-0284",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cogent datahub",
"scope": "eq",
"trust": 2.2,
"vendor": "cogentdatahub",
"version": "7.2.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 2.2,
"vendor": "cogentdatahub",
"version": "7.1.1.63"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 2.2,
"vendor": "cogentdatahub",
"version": "7.1.1"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 2.2,
"vendor": "cogentdatahub",
"version": "7.1.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 2.2,
"vendor": "cogentdatahub",
"version": "7.0.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 2.2,
"vendor": "cogentdatahub",
"version": "7.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 2.2,
"vendor": "cogentdatahub",
"version": "7.3.1"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 2.2,
"vendor": "cogentdatahub",
"version": "7.3.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 2.2,
"vendor": "cogentdatahub",
"version": "7.3.3"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.3.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.2,
"vendor": "cogentdatahub",
"version": "7.3.4"
},
{
"model": "cogent datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.3.4"
},
{
"model": "datahub",
"scope": "lt",
"trust": 0.8,
"vendor": "cogent real time",
"version": "7.3.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.1.1.63"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.1.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.2.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.3.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "*"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogentdatahub",
"version": "7.3.5"
}
],
"sources": [
{
"db": "IVD",
"id": "7d725681-463f-11e9-8854-000c29342cb1"
},
{
"db": "IVD",
"id": "f3cb65c4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03446"
},
{
"db": "BID",
"id": "67770"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002713"
},
{
"db": "NVD",
"id": "CVE-2014-2353"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-583"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2353"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alain Homewood",
"sources": [
{
"db": "BID",
"id": "67770"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2353",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-2353",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-03446",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "7d725681-463f-11e9-8854-000c29342cb1",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "f3cb65c4-2351-11e6-abef-000c29c66e3d",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2353",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-03446",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201405-583",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d725681-463f-11e9-8854-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "f3cb65c4-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d725681-463f-11e9-8854-000c29342cb1"
},
{
"db": "IVD",
"id": "f3cb65c4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03446"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002713"
},
{
"db": "NVD",
"id": "CVE-2014-2353"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-583"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Cogent DataHub is software for SCADA and automation. Cogent DataHub has a reflective cross-site scripting vulnerability that allows an attacker to exploit a vulnerability to build a malicious URI, entice a user to resolve, obtain sensitive cookies, hijack a session, or perform malicious operations on the client. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. \nCogent DataHub 7.3.5 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2353"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002713"
},
{
"db": "CNVD",
"id": "CNVD-2014-03446"
},
{
"db": "BID",
"id": "67770"
},
{
"db": "IVD",
"id": "7d725681-463f-11e9-8854-000c29342cb1"
},
{
"db": "IVD",
"id": "f3cb65c4-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2353",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-14-149-02",
"trust": 3.3
},
{
"db": "CNVD",
"id": "CNVD-2014-03446",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201405-583",
"trust": 1.0
},
{
"db": "BID",
"id": "67770",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002713",
"trust": 0.8
},
{
"db": "IVD",
"id": "7D725681-463F-11E9-8854-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "F3CB65C4-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d725681-463f-11e9-8854-000c29342cb1"
},
{
"db": "IVD",
"id": "f3cb65c4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03446"
},
{
"db": "BID",
"id": "67770"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002713"
},
{
"db": "NVD",
"id": "CVE-2014-2353"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-583"
}
]
},
"id": "VAR-201405-0284",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d725681-463f-11e9-8854-000c29342cb1"
},
{
"db": "IVD",
"id": "f3cb65c4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03446"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d725681-463f-11e9-8854-000c29342cb1"
},
{
"db": "IVD",
"id": "f3cb65c4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03446"
}
]
},
"last_update_date": "2023-12-18T13:19:58.717000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release Notes",
"trust": 0.8,
"url": "http://cogentdatahub.com/releasenotes.html"
},
{
"title": "Patch for Cogent Real-Time Systems DataHub Reflective Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/46102"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03446"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002713"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002713"
},
{
"db": "NVD",
"id": "CVE-2014-2353"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-149-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2353"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2353"
},
{
"trust": 0.3,
"url": "http://cogentdatahub.com/index.html"
},
{
"trust": 0.3,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-149-02#footnotee_x5ie90t"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03446"
},
{
"db": "BID",
"id": "67770"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002713"
},
{
"db": "NVD",
"id": "CVE-2014-2353"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-583"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d725681-463f-11e9-8854-000c29342cb1"
},
{
"db": "IVD",
"id": "f3cb65c4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03446"
},
{
"db": "BID",
"id": "67770"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002713"
},
{
"db": "NVD",
"id": "CVE-2014-2353"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-583"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-06T00:00:00",
"db": "IVD",
"id": "7d725681-463f-11e9-8854-000c29342cb1"
},
{
"date": "2014-06-06T00:00:00",
"db": "IVD",
"id": "f3cb65c4-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03446"
},
{
"date": "2014-05-29T00:00:00",
"db": "BID",
"id": "67770"
},
{
"date": "2014-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002713"
},
{
"date": "2014-05-30T23:55:02.910000",
"db": "NVD",
"id": "CVE-2014-2353"
},
{
"date": "2014-05-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-583"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03446"
},
{
"date": "2015-03-19T08:26:00",
"db": "BID",
"id": "67770"
},
{
"date": "2014-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002713"
},
{
"date": "2014-06-05T12:36:32.270000",
"db": "NVD",
"id": "CVE-2014-2353"
},
{
"date": "2014-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-583"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-583"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cogent Real-Time Systems DataHub Reflective Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d725681-463f-11e9-8854-000c29342cb1"
},
{
"db": "IVD",
"id": "f3cb65c4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03446"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-583"
}
],
"trust": 0.6
}
}
VAR-201405-0285
Vulnerability from variot - Updated: 2023-12-18 13:19Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. Cogent DataHub is a real-time data solution for SCADA and automation software. Successful exploits will allow the local attackers to perform cryptanalysis to recover the encrypted usernames and passwords to access the system. Versions prior to Cogent DataHub 7.3.5 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201405-0285",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.3.1"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.3.3"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.1.63"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.3.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.0.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.2.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.1"
},
{
"model": "cogent datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.3.4"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.1.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.3.0"
},
{
"model": "datahub",
"scope": "lt",
"trust": 0.8,
"vendor": "cogent real time",
"version": "7.3.5"
},
{
"model": "real-time systems cogent datahub",
"scope": "lt",
"trust": 0.6,
"vendor": "cogent",
"version": "7.3.5"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "7.3.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.1.1.63"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.1.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.2.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.3.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d7ba54f-463f-11e9-be73-000c29342cb1"
},
{
"db": "IVD",
"id": "f3c8170c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03426"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002714"
},
{
"db": "NVD",
"id": "CVE-2014-2354"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-584"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2354"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alain Homewood",
"sources": [
{
"db": "BID",
"id": "67773"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2354",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-2354",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.5,
"id": "CNVD-2014-03426",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.5,
"id": "7d7ba54f-463f-11e9-be73-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.5,
"id": "f3c8170c-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2354",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-03426",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201405-584",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d7ba54f-463f-11e9-be73-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "f3c8170c-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d7ba54f-463f-11e9-be73-000c29342cb1"
},
{
"db": "IVD",
"id": "f3c8170c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03426"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002714"
},
{
"db": "NVD",
"id": "CVE-2014-2354"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-584"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. Cogent DataHub is a real-time data solution for SCADA and automation software. \nSuccessful exploits will allow the local attackers to perform cryptanalysis to recover the encrypted usernames and passwords to access the system. \nVersions prior to Cogent DataHub 7.3.5 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2354"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002714"
},
{
"db": "CNVD",
"id": "CNVD-2014-03426"
},
{
"db": "BID",
"id": "67773"
},
{
"db": "IVD",
"id": "7d7ba54f-463f-11e9-be73-000c29342cb1"
},
{
"db": "IVD",
"id": "f3c8170c-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2354",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-14-149-02",
"trust": 3.3
},
{
"db": "CNVD",
"id": "CNVD-2014-03426",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201405-584",
"trust": 1.0
},
{
"db": "BID",
"id": "67773",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002714",
"trust": 0.8
},
{
"db": "IVD",
"id": "7D7BA54F-463F-11E9-BE73-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "F3C8170C-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d7ba54f-463f-11e9-be73-000c29342cb1"
},
{
"db": "IVD",
"id": "f3c8170c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03426"
},
{
"db": "BID",
"id": "67773"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002714"
},
{
"db": "NVD",
"id": "CVE-2014-2354"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-584"
}
]
},
"id": "VAR-201405-0285",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d7ba54f-463f-11e9-be73-000c29342cb1"
},
{
"db": "IVD",
"id": "f3c8170c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03426"
}
],
"trust": 1.74354838
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d7ba54f-463f-11e9-be73-000c29342cb1"
},
{
"db": "IVD",
"id": "f3c8170c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03426"
}
]
},
"last_update_date": "2023-12-18T13:19:58.681000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release Notes",
"trust": 0.8,
"url": "http://cogentdatahub.com/releasenotes.html"
},
{
"title": "Cogent Real-Time Systems DataHub Unsafe Password Hash Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/46087"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03426"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002714"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002714"
},
{
"db": "NVD",
"id": "CVE-2014-2354"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-149-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2354"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2354"
},
{
"trust": 0.3,
"url": "http://www.cogentdatahub.com/index.html"
},
{
"trust": 0.3,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-149-02#footnotee_x5ie90t"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03426"
},
{
"db": "BID",
"id": "67773"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002714"
},
{
"db": "NVD",
"id": "CVE-2014-2354"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-584"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d7ba54f-463f-11e9-be73-000c29342cb1"
},
{
"db": "IVD",
"id": "f3c8170c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03426"
},
{
"db": "BID",
"id": "67773"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002714"
},
{
"db": "NVD",
"id": "CVE-2014-2354"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-584"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-05T00:00:00",
"db": "IVD",
"id": "7d7ba54f-463f-11e9-be73-000c29342cb1"
},
{
"date": "2014-06-05T00:00:00",
"db": "IVD",
"id": "f3c8170c-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-06-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03426"
},
{
"date": "2014-05-30T00:00:00",
"db": "BID",
"id": "67773"
},
{
"date": "2014-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002714"
},
{
"date": "2014-05-30T23:55:02.987000",
"db": "NVD",
"id": "CVE-2014-2354"
},
{
"date": "2014-05-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-584"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03426"
},
{
"date": "2015-03-19T09:30:00",
"db": "BID",
"id": "67773"
},
{
"date": "2014-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002714"
},
{
"date": "2014-06-05T12:40:41.283000",
"db": "NVD",
"id": "CVE-2014-2354"
},
{
"date": "2014-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-584"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-584"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cogent DataHub Vulnerabilities in obtaining plaintext passwords",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002714"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trust management",
"sources": [
{
"db": "IVD",
"id": "7d7ba54f-463f-11e9-be73-000c29342cb1"
},
{
"db": "IVD",
"id": "f3c8170c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-584"
}
],
"trust": 1.0
}
}
VAR-201405-0534
Vulnerability from variot - Updated: 2023-12-18 13:09Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request. Authentication is not required to exploit this vulnerability. The specific flaw exists within the included Web Server. By providing a request with a crafted Content-Length field, an attacker is able to overflow a heap buffer. An attacker could leverage this to execute arbitrary code in the context of the DataHub process. Cogent DataHub is software for SCADA and automation. Failed exploit attempts will likely result in denial-of-service conditions. Versions prior to Cogent DataHub 7.3.5 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201405-0534",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.9,
"vendor": "cogentdatahub",
"version": "7.3.3"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.9,
"vendor": "cogentdatahub",
"version": "7.3.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.1.63"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.3.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.0.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.2.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.1"
},
{
"model": "cogent datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.3.4"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.3.1"
},
{
"model": "datahub",
"scope": "lt",
"trust": 0.8,
"vendor": "cogent real time",
"version": "7.3.5"
},
{
"model": "datahub",
"scope": null,
"trust": 0.7,
"vendor": "cogent real time",
"version": null
},
{
"model": "real-time systems cogent datahub",
"scope": "lt",
"trust": 0.6,
"vendor": "cogent",
"version": "7.3.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.1.1.63"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.1.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.2.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "7.3.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "cogent datahub",
"version": "*"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogentdatahub",
"version": "7.3.4"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogentdatahub",
"version": "7.3"
},
{
"model": "cogent datahub",
"scope": "ne",
"trust": 0.3,
"vendor": "cogentdatahub",
"version": "7.3.5"
}
],
"sources": [
{
"db": "IVD",
"id": "7d7c418f-463f-11e9-81dd-000c29342cb1"
},
{
"db": "IVD",
"id": "f6fe402c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-135"
},
{
"db": "CNVD",
"id": "CNVD-2014-03282"
},
{
"db": "BID",
"id": "67485"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002620"
},
{
"db": "NVD",
"id": "CVE-2014-3788"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-458"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3788"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pawel Wylecial",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-135"
},
{
"db": "BID",
"id": "67485"
}
],
"trust": 1.0
},
"cve": "CVE-2014-3788",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-3788",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-03282",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d7c418f-463f-11e9-81dd-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "f6fe402c-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3788",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2014-3788",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-03282",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201405-458",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d7c418f-463f-11e9-81dd-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "f6fe402c-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d7c418f-463f-11e9-81dd-000c29342cb1"
},
{
"db": "IVD",
"id": "f6fe402c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-135"
},
{
"db": "CNVD",
"id": "CNVD-2014-03282"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002620"
},
{
"db": "NVD",
"id": "CVE-2014-3788"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-458"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request. Authentication is not required to exploit this vulnerability. The specific flaw exists within the included Web Server. By providing a request with a crafted Content-Length field, an attacker is able to overflow a heap buffer. An attacker could leverage this to execute arbitrary code in the context of the DataHub process. Cogent DataHub is software for SCADA and automation. Failed exploit attempts will likely result in denial-of-service conditions. \nVersions prior to Cogent DataHub 7.3.5 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3788"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002620"
},
{
"db": "ZDI",
"id": "ZDI-14-135"
},
{
"db": "CNVD",
"id": "CNVD-2014-03282"
},
{
"db": "BID",
"id": "67485"
},
{
"db": "IVD",
"id": "7d7c418f-463f-11e9-81dd-000c29342cb1"
},
{
"db": "IVD",
"id": "f6fe402c-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3788",
"trust": 4.4
},
{
"db": "ZDI",
"id": "ZDI-14-135",
"trust": 4.0
},
{
"db": "CNVD",
"id": "CNVD-2014-03282",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201405-458",
"trust": 1.0
},
{
"db": "BID",
"id": "67485",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002620",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2192",
"trust": 0.7
},
{
"db": "IVD",
"id": "7D7C418F-463F-11E9-81DD-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "F6FE402C-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d7c418f-463f-11e9-81dd-000c29342cb1"
},
{
"db": "IVD",
"id": "f6fe402c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-135"
},
{
"db": "CNVD",
"id": "CNVD-2014-03282"
},
{
"db": "BID",
"id": "67485"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002620"
},
{
"db": "NVD",
"id": "CVE-2014-3788"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-458"
}
]
},
"id": "VAR-201405-0534",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d7c418f-463f-11e9-81dd-000c29342cb1"
},
{
"db": "IVD",
"id": "f6fe402c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03282"
}
],
"trust": 1.74354838
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d7c418f-463f-11e9-81dd-000c29342cb1"
},
{
"db": "IVD",
"id": "f6fe402c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03282"
}
]
},
"last_update_date": "2023-12-18T13:09:21.376000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release Notes",
"trust": 1.5,
"url": "http://cogentdatahub.com/releasenotes.html"
},
{
"title": "Cogent Real-Time Systems Cogent DataHub Patch Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/45912"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-135"
},
{
"db": "CNVD",
"id": "CNVD-2014-03282"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002620"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002620"
},
{
"db": "NVD",
"id": "CVE-2014-3788"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-14-135/"
},
{
"trust": 2.6,
"url": "http://cogentdatahub.com/releasenotes.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3788"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3788"
},
{
"trust": 0.3,
"url": "http://www.cogentdatahub.com/index.html"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-135"
},
{
"db": "CNVD",
"id": "CNVD-2014-03282"
},
{
"db": "BID",
"id": "67485"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002620"
},
{
"db": "NVD",
"id": "CVE-2014-3788"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-458"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d7c418f-463f-11e9-81dd-000c29342cb1"
},
{
"db": "IVD",
"id": "f6fe402c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-135"
},
{
"db": "CNVD",
"id": "CNVD-2014-03282"
},
{
"db": "BID",
"id": "67485"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002620"
},
{
"db": "NVD",
"id": "CVE-2014-3788"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-458"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-28T00:00:00",
"db": "IVD",
"id": "7d7c418f-463f-11e9-81dd-000c29342cb1"
},
{
"date": "2014-05-28T00:00:00",
"db": "IVD",
"id": "f6fe402c-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-05-19T00:00:00",
"db": "ZDI",
"id": "ZDI-14-135"
},
{
"date": "2014-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03282"
},
{
"date": "2014-04-29T00:00:00",
"db": "BID",
"id": "67485"
},
{
"date": "2014-05-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002620"
},
{
"date": "2014-05-22T23:55:03.410000",
"db": "NVD",
"id": "CVE-2014-3788"
},
{
"date": "2014-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-458"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-19T00:00:00",
"db": "ZDI",
"id": "ZDI-14-135"
},
{
"date": "2014-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03282"
},
{
"date": "2015-03-19T08:27:00",
"db": "BID",
"id": "67485"
},
{
"date": "2014-05-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002620"
},
{
"date": "2014-06-27T16:48:59.110000",
"db": "NVD",
"id": "CVE-2014-3788"
},
{
"date": "2014-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-458"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-458"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cogent Real-Time Systems Cogent DataHub Heap Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d7c418f-463f-11e9-81dd-000c29342cb1"
},
{
"db": "IVD",
"id": "f6fe402c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03282"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "7d7c418f-463f-11e9-81dd-000c29342cb1"
},
{
"db": "IVD",
"id": "f6fe402c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-458"
}
],
"trust": 1.0
}
}
VAR-201109-0173
Vulnerability from variot - Updated: 2023-12-18 12:52Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service (crash) via a negative or large Content-Length value. The software incorrectly handles the Content-Length field (-1 or 4294967295) plus one, which can cause integer overflow. Cogent DataHub is software for SCADA and automation. Cogent DataHub has server/service listening ports 4052 and 4053, except that the second port uses SSL, the first one uses plaintext. The \"DH_OneSecondTick\" function has a stack-based unicode buffer overflow that can be triggered by \"domain\", \"report_domain\", \"register_datahub\", \"slave\" and other commands. Cogent DataHub is prone to multiple buffer-overflow and integer-overflow vulnerabilities. Successfully exploiting these issues may allow attackers to execute arbitrary code within the context of the privileged domain (Dom0). Failed attempts will likely cause denial-of-service conditions. Cogent DataHub 7.1.1.63 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201109-0173",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.0.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.1.63"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.1"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 1.5,
"vendor": "cogent",
"version": "7.1.1.63"
},
{
"model": "datahub",
"scope": "lte",
"trust": 0.8,
"vendor": "cogent real time",
"version": "7.1.1.63"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6.0.2"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "7"
},
{
"model": "real-time systems cascade datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6"
},
{
"model": "real-time systems opc datahub",
"scope": "ne",
"trust": 0.3,
"vendor": "cogent",
"version": "6.4.20"
},
{
"model": "real-time systems cogent datahub",
"scope": "ne",
"trust": 0.3,
"vendor": "cogent",
"version": "7.1.2"
},
{
"model": "real-time systems cascade datahub",
"scope": "ne",
"trust": 0.3,
"vendor": "cogent",
"version": "6.4.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.1.1.63"
}
],
"sources": [
{
"db": "IVD",
"id": "a4c5aeaa-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3667"
},
{
"db": "CNVD",
"id": "CNVD-2011-3666"
},
{
"db": "BID",
"id": "49611"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002278"
},
{
"db": "NVD",
"id": "CVE-2011-3501"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-274"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3501"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "49611"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-183"
}
],
"trust": 0.9
},
"cve": "CVE-2011-3501",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2011-3501",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "a4c5aeaa-2354-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-3501",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201109-274",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a4c5aeaa-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2011-3501",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a4c5aeaa-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2011-3501"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002278"
},
{
"db": "NVD",
"id": "CVE-2011-3501"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-274"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service (crash) via a negative or large Content-Length value. The software incorrectly handles the Content-Length field (-1 or 4294967295) plus one, which can cause integer overflow. Cogent DataHub is software for SCADA and automation. Cogent DataHub has server/service listening ports 4052 and 4053, except that the second port uses SSL, the first one uses plaintext. The \\\"DH_OneSecondTick\\\" function has a stack-based unicode buffer overflow that can be triggered by \\\"domain\\\", \\\"report_domain\\\", \\\"register_datahub\\\", \\\"slave\\\" and other commands. Cogent DataHub is prone to multiple buffer-overflow and integer-overflow vulnerabilities. \nSuccessfully exploiting these issues may allow attackers to execute arbitrary code within the context of the privileged domain (Dom0). Failed attempts will likely cause denial-of-service conditions. \nCogent DataHub 7.1.1.63 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3501"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002278"
},
{
"db": "CNVD",
"id": "CNVD-2011-3667"
},
{
"db": "CNVD",
"id": "CNVD-2011-3666"
},
{
"db": "BID",
"id": "49611"
},
{
"db": "IVD",
"id": "a4c5aeaa-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2011-3501"
}
],
"trust": 3.24
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=17839",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-3501"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-3501",
"trust": 3.0
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-256-03",
"trust": 2.5
},
{
"db": "BID",
"id": "49611",
"trust": 2.1
},
{
"db": "ICS CERT",
"id": "ICSA-11-280-01",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-201109-274",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002278",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3667",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3666",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201109-183",
"trust": 0.6
},
{
"db": "IVD",
"id": "A4C5AEAA-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "17839",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2011-3501",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a4c5aeaa-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3667"
},
{
"db": "CNVD",
"id": "CNVD-2011-3666"
},
{
"db": "VULMON",
"id": "CVE-2011-3501"
},
{
"db": "BID",
"id": "49611"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002278"
},
{
"db": "NVD",
"id": "CVE-2011-3501"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-183"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-274"
}
]
},
"id": "VAR-201109-0173",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a4c5aeaa-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3667"
},
{
"db": "CNVD",
"id": "CNVD-2011-3666"
}
],
"trust": 2.14354838
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.4
}
],
"sources": [
{
"db": "IVD",
"id": "a4c5aeaa-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3667"
},
{
"db": "CNVD",
"id": "CNVD-2011-3666"
}
]
},
"last_update_date": "2023-12-18T12:52:24.243000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/jp/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002278"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-189",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002278"
},
{
"db": "NVD",
"id": "CVE-2011-3501"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://aluigi.altervista.org/adv/cogent_3-adv.txt"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-03.pdf"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-280-01.pdf"
},
{
"trust": 0.9,
"url": "http://aluigi.altervista.org/adv/cogent_1-adv.txt"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3501"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3501"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/49611"
},
{
"trust": 0.3,
"url": "http://www.cogentdatahub.com/products/cogent_datahub.html"
},
{
"trust": 0.3,
"url": "http://aluigi.org/poc/cogent_3.dat"
},
{
"trust": 0.3,
"url": "http://aluigi.org/poc/cogent_1.dat"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/189.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/17839/"
},
{
"trust": 0.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-11-280-01"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=24149"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3667"
},
{
"db": "CNVD",
"id": "CNVD-2011-3666"
},
{
"db": "VULMON",
"id": "CVE-2011-3501"
},
{
"db": "BID",
"id": "49611"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002278"
},
{
"db": "NVD",
"id": "CVE-2011-3501"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-183"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-274"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a4c5aeaa-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3667"
},
{
"db": "CNVD",
"id": "CNVD-2011-3666"
},
{
"db": "VULMON",
"id": "CVE-2011-3501"
},
{
"db": "BID",
"id": "49611"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002278"
},
{
"db": "NVD",
"id": "CVE-2011-3501"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-183"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-274"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-19T00:00:00",
"db": "IVD",
"id": "a4c5aeaa-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3667"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3666"
},
{
"date": "2011-09-16T00:00:00",
"db": "VULMON",
"id": "CVE-2011-3501"
},
{
"date": "2011-09-13T00:00:00",
"db": "BID",
"id": "49611"
},
{
"date": "2011-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002278"
},
{
"date": "2011-09-16T17:26:14.903000",
"db": "NVD",
"id": "CVE-2011-3501"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-183"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-274"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3667"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3666"
},
{
"date": "2011-09-21T00:00:00",
"db": "VULMON",
"id": "CVE-2011-3501"
},
{
"date": "2015-03-19T08:47:00",
"db": "BID",
"id": "49611"
},
{
"date": "2011-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002278"
},
{
"date": "2011-09-21T04:00:00",
"db": "NVD",
"id": "CVE-2011-3501"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-183"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-274"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "49611"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-183"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cogent DataHub Integer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "a4c5aeaa-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3667"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002278"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-274"
}
],
"trust": 2.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-183"
}
],
"trust": 0.6
}
}
VAR-201109-0174
Vulnerability from variot - Updated: 2023-12-18 12:52The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot). Cogent DataHub is software for SCADA and automation. The Cogent DataHub server/service uses a custom web server that listens on port 80. The software does not handle the directory traversal sequence correctly. An attacker can exploit the vulnerability to download files on the server. Cogent DataHub is prone to a directory-traversal vulnerability and an information-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting the issues may allow an attacker to obtain sensitive information that could aid in further attacks. Cogent DataHub 7.1.1.63 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201109-0174",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.0.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.1.63"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.1"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 1.5,
"vendor": "cogent",
"version": "7.1.1.63"
},
{
"model": "datahub",
"scope": "lte",
"trust": 0.8,
"vendor": "cogent real time",
"version": "7.1.1.63"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6.0.2"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "7"
},
{
"model": "real-time systems cascade datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6"
},
{
"model": "real-time systems opc datahub",
"scope": "ne",
"trust": 0.3,
"vendor": "cogent",
"version": "6.4.20"
},
{
"model": "real-time systems cogent datahub",
"scope": "ne",
"trust": 0.3,
"vendor": "cogent",
"version": "7.1.2"
},
{
"model": "real-time systems cascade datahub",
"scope": "ne",
"trust": 0.3,
"vendor": "cogent",
"version": "6.4.20"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3671"
},
{
"db": "CNVD",
"id": "CNVD-2011-3672"
},
{
"db": "BID",
"id": "49610"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002267"
},
{
"db": "NVD",
"id": "CVE-2011-3502"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-275"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3502"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "49610"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-184"
}
],
"trust": 0.9
},
"cve": "CVE-2011-3502",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-3502",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-3502",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201109-275",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002267"
},
{
"db": "NVD",
"id": "CVE-2011-3502"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-275"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot). Cogent DataHub is software for SCADA and automation. The Cogent DataHub server/service uses a custom web server that listens on port 80. The software does not handle the directory traversal sequence correctly. An attacker can exploit the vulnerability to download files on the server. Cogent DataHub is prone to a directory-traversal vulnerability and an information-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied input. \nExploiting the issues may allow an attacker to obtain sensitive information that could aid in further attacks. \nCogent DataHub 7.1.1.63 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3502"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002267"
},
{
"db": "CNVD",
"id": "CNVD-2011-3671"
},
{
"db": "CNVD",
"id": "CNVD-2011-3672"
},
{
"db": "BID",
"id": "49610"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-3502",
"trust": 2.7
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-256-03",
"trust": 2.4
},
{
"db": "BID",
"id": "49610",
"trust": 2.1
},
{
"db": "ICS CERT",
"id": "ICSA-11-280-01",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002267",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3671",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3672",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201109-184",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201109-275",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3671"
},
{
"db": "CNVD",
"id": "CNVD-2011-3672"
},
{
"db": "BID",
"id": "49610"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002267"
},
{
"db": "NVD",
"id": "CVE-2011-3502"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-184"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-275"
}
]
},
"id": "VAR-201109-0174",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3671"
},
{
"db": "CNVD",
"id": "CNVD-2011-3672"
}
],
"trust": 1.94354838
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3671"
},
{
"db": "CNVD",
"id": "CNVD-2011-3672"
}
]
},
"last_update_date": "2023-12-18T12:52:24.205000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/jp/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002267"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002267"
},
{
"db": "NVD",
"id": "CVE-2011-3502"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-03.pdf"
},
{
"trust": 2.2,
"url": "http://aluigi.altervista.org/adv/cogent_4-adv.txt"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-280-01.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3502"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3502"
},
{
"trust": 0.6,
"url": "http://aluigi.altervista.org/adv/cogent_2-adv.txt"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/49610"
},
{
"trust": 0.3,
"url": "http://www.cogentdatahub.com/products/cogent_datahub.html"
},
{
"trust": 0.3,
"url": "http://aluigi.org/mytoolz/mydown.zip"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3671"
},
{
"db": "CNVD",
"id": "CNVD-2011-3672"
},
{
"db": "BID",
"id": "49610"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002267"
},
{
"db": "NVD",
"id": "CVE-2011-3502"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-184"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-275"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2011-3671"
},
{
"db": "CNVD",
"id": "CNVD-2011-3672"
},
{
"db": "BID",
"id": "49610"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002267"
},
{
"db": "NVD",
"id": "CVE-2011-3502"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-184"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-275"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3671"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3672"
},
{
"date": "2011-09-13T00:00:00",
"db": "BID",
"id": "49610"
},
{
"date": "2011-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002267"
},
{
"date": "2011-09-16T17:26:14.933000",
"db": "NVD",
"id": "CVE-2011-3502"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-184"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-275"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3671"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3672"
},
{
"date": "2011-10-11T16:20:00",
"db": "BID",
"id": "49610"
},
{
"date": "2011-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002267"
},
{
"date": "2011-09-19T04:00:00",
"db": "NVD",
"id": "CVE-2011-3502"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-184"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-275"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-184"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-275"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cogent DataHub of Web Vulnerability in server executable code acquisition",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002267"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-184"
}
],
"trust": 0.6
}
}
VAR-201109-0186
Vulnerability from variot - Updated: 2023-12-18 12:52Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) register_datahub, or (4) slave commands. The software incorrectly handles the Content-Length field (-1 or 4294967295) plus one, which can cause integer overflow. Cogent DataHub is software for SCADA and automation. Cogent DataHub has server/service listening ports 4052 and 4053, except that the second port uses SSL, the first one uses plaintext. Cogent DataHub is prone to multiple buffer-overflow and integer-overflow vulnerabilities. Successfully exploiting these issues may allow attackers to execute arbitrary code within the context of the privileged domain (Dom0). Failed attempts will likely cause denial-of-service conditions. Cogent DataHub 7.1.1.63 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201109-0186",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.0.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.1"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 1.5,
"vendor": "cogent",
"version": "7.1.1.63"
},
{
"model": "cogent datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.1.1.63"
},
{
"model": "datahub",
"scope": "lte",
"trust": 0.8,
"vendor": "cogent real time",
"version": "7.1.1.63"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "7.1.1.63"
},
{
"model": "real-time systems",
"scope": "eq",
"trust": 0.4,
"vendor": "cogent",
"version": "*"
},
{
"model": "datahub",
"scope": "eq",
"trust": 0.4,
"vendor": "cogent",
"version": "7.1.1.63"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6.0.2"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "7"
},
{
"model": "real-time systems cascade datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6"
},
{
"model": "real-time systems opc datahub",
"scope": "ne",
"trust": 0.3,
"vendor": "cogent",
"version": "6.4.20"
},
{
"model": "real-time systems cogent datahub",
"scope": "ne",
"trust": 0.3,
"vendor": "cogent",
"version": "7.1.2"
},
{
"model": "real-time systems cascade datahub",
"scope": "ne",
"trust": 0.3,
"vendor": "cogent",
"version": "6.4.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "8b513ffe-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a53a59e4-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d018fe8-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3667"
},
{
"db": "CNVD",
"id": "CNVD-2011-3666"
},
{
"db": "BID",
"id": "49611"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002275"
},
{
"db": "NVD",
"id": "CVE-2011-3493"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-266"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1.1.63",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3493"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "49611"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-183"
}
],
"trust": 0.9
},
"cve": "CVE-2011-3493",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-3493",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "8b513ffe-1f88-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "a53a59e4-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "8d018fe8-1f88-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-3493",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201109-266",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "8b513ffe-1f88-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "a53a59e4-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "8d018fe8-1f88-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8b513ffe-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a53a59e4-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d018fe8-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002275"
},
{
"db": "NVD",
"id": "CVE-2011-3493"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-266"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) register_datahub, or (4) slave commands. The software incorrectly handles the Content-Length field (-1 or 4294967295) plus one, which can cause integer overflow. Cogent DataHub is software for SCADA and automation. Cogent DataHub has server/service listening ports 4052 and 4053, except that the second port uses SSL, the first one uses plaintext. Cogent DataHub is prone to multiple buffer-overflow and integer-overflow vulnerabilities. \nSuccessfully exploiting these issues may allow attackers to execute arbitrary code within the context of the privileged domain (Dom0). Failed attempts will likely cause denial-of-service conditions. \nCogent DataHub 7.1.1.63 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3493"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002275"
},
{
"db": "CNVD",
"id": "CNVD-2011-3667"
},
{
"db": "CNVD",
"id": "CNVD-2011-3666"
},
{
"db": "BID",
"id": "49611"
},
{
"db": "IVD",
"id": "8b513ffe-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a53a59e4-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d018fe8-1f88-11e6-abef-000c29c66e3d"
}
],
"trust": 3.51
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-3493",
"trust": 3.3
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-256-03",
"trust": 2.4
},
{
"db": "BID",
"id": "49611",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-201109-266",
"trust": 1.2
},
{
"db": "ICS CERT",
"id": "ICSA-11-280-01",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2011-3667",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3666",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002275",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201109-183",
"trust": 0.6
},
{
"db": "IVD",
"id": "8B513FFE-1F88-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "A53A59E4-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "8D018FE8-1F88-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "8b513ffe-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a53a59e4-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d018fe8-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3667"
},
{
"db": "CNVD",
"id": "CNVD-2011-3666"
},
{
"db": "BID",
"id": "49611"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002275"
},
{
"db": "NVD",
"id": "CVE-2011-3493"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-183"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-266"
}
]
},
"id": "VAR-201109-0186",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8b513ffe-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a53a59e4-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d018fe8-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3667"
},
{
"db": "CNVD",
"id": "CNVD-2011-3666"
}
],
"trust": 2.54354838
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.8
}
],
"sources": [
{
"db": "IVD",
"id": "8b513ffe-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a53a59e4-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d018fe8-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3667"
},
{
"db": "CNVD",
"id": "CNVD-2011-3666"
}
]
},
"last_update_date": "2023-12-18T12:52:24.158000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/jp/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002275"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002275"
},
{
"db": "NVD",
"id": "CVE-2011-3493"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://aluigi.altervista.org/adv/cogent_1-adv.txt"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-03.pdf"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-280-01.pdf"
},
{
"trust": 0.9,
"url": "http://aluigi.altervista.org/adv/cogent_3-adv.txt"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3493"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3493"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/49611"
},
{
"trust": 0.3,
"url": "http://www.cogentdatahub.com/products/cogent_datahub.html"
},
{
"trust": 0.3,
"url": "http://aluigi.org/poc/cogent_3.dat"
},
{
"trust": 0.3,
"url": "http://aluigi.org/poc/cogent_1.dat"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3667"
},
{
"db": "CNVD",
"id": "CNVD-2011-3666"
},
{
"db": "BID",
"id": "49611"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002275"
},
{
"db": "NVD",
"id": "CVE-2011-3493"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-183"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-266"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8b513ffe-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a53a59e4-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d018fe8-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3667"
},
{
"db": "CNVD",
"id": "CNVD-2011-3666"
},
{
"db": "BID",
"id": "49611"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002275"
},
{
"db": "NVD",
"id": "CVE-2011-3493"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-183"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-266"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "IVD",
"id": "8b513ffe-1f88-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-19T00:00:00",
"db": "IVD",
"id": "a53a59e4-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "IVD",
"id": "8d018fe8-1f88-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3667"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3666"
},
{
"date": "2011-09-13T00:00:00",
"db": "BID",
"id": "49611"
},
{
"date": "2011-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002275"
},
{
"date": "2011-09-16T14:28:13.107000",
"db": "NVD",
"id": "CVE-2011-3493"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-183"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-266"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3667"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3666"
},
{
"date": "2015-03-19T08:47:00",
"db": "BID",
"id": "49611"
},
{
"date": "2012-02-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002275"
},
{
"date": "2012-06-04T04:00:00",
"db": "NVD",
"id": "CVE-2011-3493"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-183"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-266"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "49611"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-183"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cogent DataHub Integer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "8b513ffe-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3667"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "8b513ffe-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a53a59e4-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d018fe8-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-183"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-266"
}
],
"trust": 1.8
}
}
VAR-201201-0117
Vulnerability from variot - Updated: 2023-12-18 12:31Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a cross-site scripting vulnerability. Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user's web browser. A remote attacker can send a specially crafted HTTP header to the affected system, forging information displayed on the user's web browser or performing an HTTP response fragmentation attack. Cogent DataHub is the latest version of DataHub's long-line product, which sets performance ratings for real-time data solutions. By inserting arbitrary headers into an HTTP response, attackers may be able to launch various attacks, including cross-site request forgery, cross-site scripting, and HTTP-request smuggling. The following versions are vulnerable: OPC DataHub Cascade DataHub Cogent DataHub. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
TITLE: Cogent DataHub Cross-Site Scripting and HTTP Header Injection Vulnerabilities
SECUNIA ADVISORY ID: SA47496
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47496/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47496
RELEASE DATE: 2012-01-11
DISCUSS ADVISORY: http://secunia.com/advisories/47496/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/47496/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47496
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Two vulnerabilities have been reported in Cogent DataHub, which can be exploited by malicious people to conduct cross-site scripting attacks and HTTP response splitting attacks.
1) Certain unspecified input is not properly sanitised before being returned to the user.
2) Certain unspecified input is not properly sanitised before being used to display HTTP headers. This can be exploited to include arbitrary HTTP headers in a response sent to the user.
SOLUTION: Update to version 7.2.0.
ORIGINAL ADVISORY: JVN: http://jvn.jp/en/jp/JVN63249231/index.html http://jvn.jp/en/jp/JVN12983784/index.html http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000002.html http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000001.html
Cogent: http://www.cogentdatahub.com/ReleaseNotes.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201201-0117",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.0.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.1.63"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.1"
},
{
"model": "cascade datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "6.4.20"
},
{
"model": "opc datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "6.4.20"
},
{
"model": "cogent datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.1.2"
},
{
"model": "real-time systems cascade datahub",
"scope": "eq",
"trust": 0.8,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "cascade datahub",
"scope": "lte",
"trust": 0.8,
"vendor": "cogent real time",
"version": "v6.4.20"
},
{
"model": "datahub",
"scope": "lte",
"trust": 0.8,
"vendor": "cogent real time",
"version": "v7.1.2"
},
{
"model": "opc datahub",
"scope": "lte",
"trust": 0.8,
"vendor": "cogent real time",
"version": "v6.4.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "cascade datahub",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "cogent datahub",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "cogent datahub",
"version": "7.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "cogent datahub",
"version": "7.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "cogent datahub",
"version": "7.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "cogent datahub",
"version": "7.1.1.63"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "cogent datahub",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "opc datahub",
"version": "*"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "real-time systems datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "7.1.2"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "7.1.1.63"
},
{
"model": "opc datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "6.4.20"
},
{
"model": "cascade datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "6.4.20"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "7.1.2"
},
{
"model": "opc datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "7.1.2"
},
{
"model": "cascade datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "opc datahub",
"scope": "ne",
"trust": 0.3,
"vendor": "cogent",
"version": "7.2"
},
{
"model": "datahub",
"scope": "ne",
"trust": 0.3,
"vendor": "cogent",
"version": "7.2"
},
{
"model": "cascade datahub",
"scope": "ne",
"trust": 0.3,
"vendor": "cogent",
"version": "7.2.0"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.2,
"vendor": "cogent",
"version": "6.4.21*"
},
{
"model": "real-time systems datahub",
"scope": "eq",
"trust": 0.2,
"vendor": "cogent",
"version": "7.1.2*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d79a982-463f-11e9-ad0c-000c29342cb1"
},
{
"db": "IVD",
"id": "39e451cc-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "3a530108-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "beda6b8a-1f78-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0097"
},
{
"db": "CNVD",
"id": "CNVD-2012-9229"
},
{
"db": "BID",
"id": "51375"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000001"
},
{
"db": "NVD",
"id": "CVE-2012-0309"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-158"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:opc_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.20",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cascade_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.20",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0309"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kuang-Chun Hung of Security Research and Service Institute, ICST",
"sources": [
{
"db": "BID",
"id": "51375"
}
],
"trust": 0.3
},
"cve": "CVE-2012-0309",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2012-000001",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2012-9229",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "7d79a982-463f-11e9-ad0c-000c29342cb1",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "39e451cc-2354-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "3a530108-2354-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "beda6b8a-1f78-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-0309",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2012-000001",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2012-9229",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201201-158",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d79a982-463f-11e9-ad0c-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "39e451cc-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "3a530108-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "beda6b8a-1f78-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d79a982-463f-11e9-ad0c-000c29342cb1"
},
{
"db": "IVD",
"id": "39e451cc-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "3a530108-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "beda6b8a-1f78-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-9229"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000001"
},
{
"db": "NVD",
"id": "CVE-2012-0309"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-158"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a cross-site scripting vulnerability. Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user\u0027s web browser. A remote attacker can send a specially crafted HTTP header to the affected system, forging information displayed on the user\u0027s web browser or performing an HTTP response fragmentation attack. Cogent DataHub is the latest version of DataHub\u0027s long-line product, which sets performance ratings for real-time data solutions. \nBy inserting arbitrary headers into an HTTP response, attackers may be able to launch various attacks, including cross-site request forgery, cross-site scripting, and HTTP-request smuggling. \nThe following versions are vulnerable:\nOPC DataHub\nCascade DataHub\nCogent DataHub. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nCogent DataHub Cross-Site Scripting and HTTP Header Injection\nVulnerabilities\n\nSECUNIA ADVISORY ID:\nSA47496\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47496/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47496\n\nRELEASE DATE:\n2012-01-11\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47496/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47496/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47496\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in Cogent DataHub, which can\nbe exploited by malicious people to conduct cross-site scripting\nattacks and HTTP response splitting attacks. \n\n1) Certain unspecified input is not properly sanitised before being\nreturned to the user. \n\n2) Certain unspecified input is not properly sanitised before being\nused to display HTTP headers. This can be exploited to include\narbitrary HTTP headers in a response sent to the user. \n\nSOLUTION:\nUpdate to version 7.2.0. \n\nORIGINAL ADVISORY:\nJVN:\nhttp://jvn.jp/en/jp/JVN63249231/index.html\nhttp://jvn.jp/en/jp/JVN12983784/index.html\nhttp://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000002.html\nhttp://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000001.html\n\nCogent:\nhttp://www.cogentdatahub.com/ReleaseNotes.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0309"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000001"
},
{
"db": "CNVD",
"id": "CNVD-2012-0097"
},
{
"db": "CNVD",
"id": "CNVD-2012-9229"
},
{
"db": "BID",
"id": "51375"
},
{
"db": "IVD",
"id": "7d79a982-463f-11e9-ad0c-000c29342cb1"
},
{
"db": "IVD",
"id": "39e451cc-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "3a530108-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "beda6b8a-1f78-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "108568"
},
{
"db": "PACKETSTORM",
"id": "108571"
}
],
"trust": 3.87
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-0309",
"trust": 4.1
},
{
"db": "JVN",
"id": "JVN12983784",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000001",
"trust": 2.6
},
{
"db": "BID",
"id": "51375",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-016-01",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-201201-158",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "47496",
"trust": 1.3
},
{
"db": "SECUNIA",
"id": "47525",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2012-9229",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000002",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2012-0097",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVN#12983784",
"trust": 0.6
},
{
"db": "IVD",
"id": "7D79A982-463F-11E9-AD0C-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "39E451CC-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "3A530108-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "BEDA6B8A-1F78-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "JVN",
"id": "JVN63249231",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "108568",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "108571",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d79a982-463f-11e9-ad0c-000c29342cb1"
},
{
"db": "IVD",
"id": "39e451cc-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "3a530108-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "beda6b8a-1f78-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0097"
},
{
"db": "CNVD",
"id": "CNVD-2012-9229"
},
{
"db": "BID",
"id": "51375"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000001"
},
{
"db": "PACKETSTORM",
"id": "108568"
},
{
"db": "PACKETSTORM",
"id": "108571"
},
{
"db": "NVD",
"id": "CVE-2012-0309"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-158"
}
]
},
"id": "VAR-201201-0117",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d79a982-463f-11e9-ad0c-000c29342cb1"
},
{
"db": "IVD",
"id": "39e451cc-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "3a530108-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "beda6b8a-1f78-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0097"
},
{
"db": "CNVD",
"id": "CNVD-2012-9229"
}
],
"trust": 2.74354838
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 2.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d79a982-463f-11e9-ad0c-000c29342cb1"
},
{
"db": "IVD",
"id": "39e451cc-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "3a530108-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "beda6b8a-1f78-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0097"
},
{
"db": "CNVD",
"id": "CNVD-2012-9229"
}
]
},
"last_update_date": "2023-12-18T12:31:18.757000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release Notes",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/releasenotes.html"
},
{
"title": "Download Software",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/download_software.html"
},
{
"title": "Patches for unclear HTTP header injection vulnerabilities in multiple DataHub products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/7311"
},
{
"title": "Patch for Cogent DataHub/Cascade DataHub/OPC DataHub Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/26872"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0097"
},
{
"db": "CNVD",
"id": "CNVD-2012-9229"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000001"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-000001"
},
{
"db": "NVD",
"id": "CVE-2012-0309"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://jvn.jp/en/jp/jvn12983784/index.html"
},
{
"trust": 2.1,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-016-01.pdf"
},
{
"trust": 2.1,
"url": "http://www.cogentdatahub.com/releasenotes.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/51375"
},
{
"trust": 1.6,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2012-000001"
},
{
"trust": 1.1,
"url": "http://jvndb.jvn.jp/en/contents/2012/jvndb-2012-000002.html"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/47496"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/47525"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72305"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0309"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0309"
},
{
"trust": 0.3,
"url": "http://www.cogentdatahub.com/products/cogent_datahub.html"
},
{
"trust": 0.2,
"url": "http://jvn.jp/en/jp/jvn63249231/index.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://jvndb.jvn.jp/en/contents/2012/jvndb-2012-000001.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47496/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47496/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47496"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47525/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47525/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47525"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0097"
},
{
"db": "CNVD",
"id": "CNVD-2012-9229"
},
{
"db": "BID",
"id": "51375"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000001"
},
{
"db": "PACKETSTORM",
"id": "108568"
},
{
"db": "PACKETSTORM",
"id": "108571"
},
{
"db": "NVD",
"id": "CVE-2012-0309"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-158"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d79a982-463f-11e9-ad0c-000c29342cb1"
},
{
"db": "IVD",
"id": "39e451cc-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "3a530108-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "beda6b8a-1f78-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0097"
},
{
"db": "CNVD",
"id": "CNVD-2012-9229"
},
{
"db": "BID",
"id": "51375"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000001"
},
{
"db": "PACKETSTORM",
"id": "108568"
},
{
"db": "PACKETSTORM",
"id": "108571"
},
{
"db": "NVD",
"id": "CVE-2012-0309"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-158"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-01-16T00:00:00",
"db": "IVD",
"id": "7d79a982-463f-11e9-ad0c-000c29342cb1"
},
{
"date": "2012-01-16T00:00:00",
"db": "IVD",
"id": "39e451cc-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2012-01-16T00:00:00",
"db": "IVD",
"id": "3a530108-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2012-01-13T00:00:00",
"db": "IVD",
"id": "beda6b8a-1f78-11e6-abef-000c29c66e3d"
},
{
"date": "2012-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0097"
},
{
"date": "2012-01-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-9229"
},
{
"date": "2012-01-11T00:00:00",
"db": "BID",
"id": "51375"
},
{
"date": "2012-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-000001"
},
{
"date": "2012-01-11T06:58:06",
"db": "PACKETSTORM",
"id": "108568"
},
{
"date": "2012-01-11T06:58:15",
"db": "PACKETSTORM",
"id": "108571"
},
{
"date": "2012-01-13T04:14:38.987000",
"db": "NVD",
"id": "CVE-2012-0309"
},
{
"date": "2012-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201201-158"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0097"
},
{
"date": "2012-01-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-9229"
},
{
"date": "2015-03-19T08:38:00",
"db": "BID",
"id": "51375"
},
{
"date": "2012-01-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-000001"
},
{
"date": "2017-08-29T01:30:54.117000",
"db": "NVD",
"id": "CVE-2012-0309"
},
{
"date": "2012-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201201-158"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201201-158"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cogent DataHub/Cascade DataHub/OPC DataHub Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d79a982-463f-11e9-ad0c-000c29342cb1"
},
{
"db": "IVD",
"id": "39e451cc-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "3a530108-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-9229"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-158"
}
],
"trust": 1.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting",
"sources": [
{
"db": "IVD",
"id": "7d79a982-463f-11e9-ad0c-000c29342cb1"
},
{
"db": "IVD",
"id": "39e451cc-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "3a530108-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "beda6b8a-1f78-11e6-abef-000c29c66e3d"
}
],
"trust": 0.8
}
}
VAR-201304-0153
Vulnerability from variot - Updated: 2023-12-18 12:09Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed data in a formatted text command. Cogent Real-Time Systems is a real-time data solutions vendor. An attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users. The following Cogent Real-Time Systems products are vulnerable: Cogent DataHub 7.2.2 and prior versions OPC DataHub 6.4.21 and prior versions Cascade DataHub for Windows 6.4.21 and prior versions Cogent DataHub DataSim and DataPid demonstration clients 7.2.2 OPC DataHub DataSim and DataPid demonstration clients 6.4.21 Cascade DataHub DataSim and DataPid demonstration clients 6.4.21 DataHub QuickTrend 7.2.2 and prior versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201304-0153",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "opc datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "6.4.20"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.0.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.2"
},
{
"model": "cascade datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "6.4.20"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.1.63"
},
{
"model": "opc datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "6.4.21"
},
{
"model": "cogent datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.2.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.1.1"
},
{
"model": "cascade datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "6.4.21"
},
{
"model": "datahub quicktrend",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.2.2"
},
{
"model": "cascade datahub",
"scope": "lt",
"trust": 0.8,
"vendor": "cogent real time",
"version": "6.4.22"
},
{
"model": "datahub",
"scope": "lt",
"trust": 0.8,
"vendor": "cogent real time",
"version": "7.3.0"
},
{
"model": "datahub quicktrend",
"scope": "lt",
"trust": 0.8,
"vendor": "cogent real time",
"version": "7.3.0"
},
{
"model": "opc datahub",
"scope": "lt",
"trust": 0.8,
"vendor": "cogent real time",
"version": "6.4.22"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "real-time systems cascade datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "7.2.2"
},
{
"model": "real-time systems datahub quicktrend",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "7.2.2"
},
{
"model": "real-time systems datapid",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "7.2.2"
},
{
"model": "real-time systems datapid",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "real-time systems datasim",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "7.2.2"
},
{
"model": "real-time systems datasim",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "datahub quicktrend",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "7.2.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "7.2.2"
},
{
"model": "cascade datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "6.4.21"
},
{
"model": "opc datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "6.4.21"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6.4.20"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6.0.2"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "7.1.2"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "7.1.1.63"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.1.1.63"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.1.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "opc datahub",
"version": "6.4.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "opc datahub",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cascade datahub",
"version": "6.4.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cascade datahub",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "datahub quicktrend",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "03949d62-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02824"
},
{
"db": "BID",
"id": "58910"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002155"
},
{
"db": "NVD",
"id": "CVE-2013-0681"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-031"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:opc_datahub:6.4.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:opc_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.21",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cascade_datahub:6.4.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cascade_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.21",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:datahub_quicktrend:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0681"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dillon Beresford",
"sources": [
{
"db": "BID",
"id": "58910"
}
],
"trust": 0.3
},
"cve": "CVE-2013-0681",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-0681",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-02824",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "03949d62-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-0681",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-02824",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-031",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "03949d62-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "03949d62-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02824"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002155"
},
{
"db": "NVD",
"id": "CVE-2013-0681"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-031"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed data in a formatted text command. Cogent Real-Time Systems is a real-time data solutions vendor. \nAn attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users. \nThe following Cogent Real-Time Systems products are vulnerable:\nCogent DataHub 7.2.2 and prior versions\nOPC DataHub 6.4.21 and prior versions\nCascade DataHub for Windows 6.4.21 and prior versions\nCogent DataHub DataSim and DataPid demonstration clients 7.2.2\nOPC DataHub DataSim and DataPid demonstration clients 6.4.21\nCascade DataHub DataSim and DataPid demonstration clients 6.4.21\nDataHub QuickTrend 7.2.2 and prior versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0681"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002155"
},
{
"db": "CNVD",
"id": "CNVD-2013-02824"
},
{
"db": "BID",
"id": "58910"
},
{
"db": "IVD",
"id": "03949d62-2353-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0681",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-13-095-01",
"trust": 3.3
},
{
"db": "BID",
"id": "58910",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-02824",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201304-031",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002155",
"trust": 0.8
},
{
"db": "IVD",
"id": "03949D62-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "03949d62-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02824"
},
{
"db": "BID",
"id": "58910"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002155"
},
{
"db": "NVD",
"id": "CVE-2013-0681"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-031"
}
]
},
"id": "VAR-201304-0153",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "03949d62-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02824"
}
],
"trust": 1.67177419
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "03949d62-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02824"
}
]
},
"last_update_date": "2023-12-18T12:09:22.964000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DataHub QuickTrend",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/products/datahub_quicktrend.html"
},
{
"title": "Release Notes",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/releasenotes.html"
},
{
"title": "Download Software",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/contact_form.html"
},
{
"title": "Cogent DataHub",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/products/cogent_datahub.html"
},
{
"title": "OPC DataHub",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/products/opc_datahub.html"
},
{
"title": "Cascade DataHub",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/products/cascade_datahub.html"
},
{
"title": "TopPage",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/jp/"
},
{
"title": "Patch for Cogent Real-Time Systems DataHub Remote Denial of Service Vulnerability ( CNVD-2013-21838 )",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/33175"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02824"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002155"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002155"
},
{
"db": "NVD",
"id": "CVE-2013-0681"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-095-01.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0681"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0681"
},
{
"trust": 0.3,
"url": "http://www.cogentdatahub.com/products/cogent_datahub.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02824"
},
{
"db": "BID",
"id": "58910"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002155"
},
{
"db": "NVD",
"id": "CVE-2013-0681"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-031"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "03949d62-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02824"
},
{
"db": "BID",
"id": "58910"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002155"
},
{
"db": "NVD",
"id": "CVE-2013-0681"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-031"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-09T00:00:00",
"db": "IVD",
"id": "03949d62-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2013-04-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02824"
},
{
"date": "2013-04-05T00:00:00",
"db": "BID",
"id": "58910"
},
{
"date": "2013-04-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002155"
},
{
"date": "2013-04-05T21:55:00.847000",
"db": "NVD",
"id": "CVE-2013-0681"
},
{
"date": "2013-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-031"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02824"
},
{
"date": "2015-03-19T08:43:00",
"db": "BID",
"id": "58910"
},
{
"date": "2013-04-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002155"
},
{
"date": "2013-04-08T14:09:12.530000",
"db": "NVD",
"id": "CVE-2013-0681"
},
{
"date": "2013-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-031"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-031"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cogent DataHub Service disruption in products (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002155"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "03949d62-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-031"
}
],
"trust": 0.8
}
}
VAR-201304-0146
Vulnerability from variot - Updated: 2023-12-18 12:09The DataSim and DataPid demonstration clients in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote servers to cause a denial of service (incorrect pointer access and client crash) via malformed data in a formatted text command. Cogent Real-Time Systems is a real-time data solutions vendor. If the user connects DataSim or DataPid to the server instead of DataHub, the server design generates a random or malformed message, then DataSim and DataPid will crash. Successfully exploiting this issue will result in a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201304-0146",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "opc datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "6.4.20"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.1"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.2"
},
{
"model": "cascade datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "6.4.20"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.1.63"
},
{
"model": "opc datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "6.4.21"
},
{
"model": "cogent datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.2.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.0.2"
},
{
"model": "cascade datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "6.4.21"
},
{
"model": "datahub quicktrend",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.2.2"
},
{
"model": "cascade datahub",
"scope": "lt",
"trust": 0.8,
"vendor": "cogent real time",
"version": "6.4.22"
},
{
"model": "datahub",
"scope": "lt",
"trust": 0.8,
"vendor": "cogent real time",
"version": "7.3.0"
},
{
"model": "datahub quicktrend",
"scope": "lt",
"trust": 0.8,
"vendor": "cogent real time",
"version": "7.3.0"
},
{
"model": "opc datahub",
"scope": "lt",
"trust": 0.8,
"vendor": "cogent real time",
"version": "6.4.22"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "real-time systems cascade datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "7.2.2"
},
{
"model": "real-time systems datahub quicktrend",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "7.2.2"
},
{
"model": "real-time systems datapid",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "7.2.2"
},
{
"model": "real-time systems datapid",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "real-time systems datasim",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "7.2.2"
},
{
"model": "real-time systems datasim",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "datahub quicktrend",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "7.2.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "7.2.2"
},
{
"model": "cascade datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "6.4.21"
},
{
"model": "opc datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "6.4.21"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6.4.20"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6.0.2"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "7.1.2"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "7.1.1.63"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.1.1.63"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.1.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "opc datahub",
"version": "6.4.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "opc datahub",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cascade datahub",
"version": "6.4.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cascade datahub",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "datahub quicktrend",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "0388d7d4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02822"
},
{
"db": "BID",
"id": "58909"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002157"
},
{
"db": "NVD",
"id": "CVE-2013-0683"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-033"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:opc_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.21",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:opc_datahub:6.4.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cascade_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.21",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cascade_datahub:6.4.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:datahub_quicktrend:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0683"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dillon Beresford",
"sources": [
{
"db": "BID",
"id": "58909"
}
],
"trust": 0.3
},
"cve": "CVE-2013-0683",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-0683",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-02822",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "0388d7d4-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-0683",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-02822",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-033",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "0388d7d4-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0388d7d4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02822"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002157"
},
{
"db": "NVD",
"id": "CVE-2013-0683"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-033"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The DataSim and DataPid demonstration clients in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote servers to cause a denial of service (incorrect pointer access and client crash) via malformed data in a formatted text command. Cogent Real-Time Systems is a real-time data solutions vendor. If the user connects DataSim or DataPid to the server instead of DataHub, the server design generates a random or malformed message, then DataSim and DataPid will crash. \nSuccessfully exploiting this issue will result in a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0683"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002157"
},
{
"db": "CNVD",
"id": "CNVD-2013-02822"
},
{
"db": "BID",
"id": "58909"
},
{
"db": "IVD",
"id": "0388d7d4-2353-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0683",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-13-095-01",
"trust": 3.3
},
{
"db": "BID",
"id": "58909",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-02822",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201304-033",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002157",
"trust": 0.8
},
{
"db": "IVD",
"id": "0388D7D4-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "0388d7d4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02822"
},
{
"db": "BID",
"id": "58909"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002157"
},
{
"db": "NVD",
"id": "CVE-2013-0683"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-033"
}
]
},
"id": "VAR-201304-0146",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0388d7d4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02822"
}
],
"trust": 1.67177419
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0388d7d4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02822"
}
]
},
"last_update_date": "2023-12-18T12:09:22.926000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cogent DataHub",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/products/cogent_datahub.html"
},
{
"title": "OPC DataHub",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/products/opc_datahub.html"
},
{
"title": "Cascade DataHub",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/products/cascade_datahub.html"
},
{
"title": "DataHub QuickTrend",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/products/datahub_quicktrend.html"
},
{
"title": "Release Notes",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/releasenotes.html"
},
{
"title": "Download Software",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/contact_form.html"
},
{
"title": "TopPage",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/jp/"
},
{
"title": "Patch for Cogent Real-Time Systems DataHub Remote Denial of Service Vulnerability (CNVD-2013-02822)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/33173"
},
{
"title": "OPCDataHub-6.4.22-130302-Windows",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=45674"
},
{
"title": "CogentDataHub-7.3.0-130328-Windows",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=45673"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02822"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002157"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-033"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-16",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002157"
},
{
"db": "NVD",
"id": "CVE-2013-0683"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-095-01.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0683"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0683"
},
{
"trust": 0.3,
"url": "http://www.cogentdatahub.com/products/cogent_datahub.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02822"
},
{
"db": "BID",
"id": "58909"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002157"
},
{
"db": "NVD",
"id": "CVE-2013-0683"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-033"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0388d7d4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02822"
},
{
"db": "BID",
"id": "58909"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002157"
},
{
"db": "NVD",
"id": "CVE-2013-0683"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-033"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-09T00:00:00",
"db": "IVD",
"id": "0388d7d4-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2013-04-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02822"
},
{
"date": "2013-04-05T00:00:00",
"db": "BID",
"id": "58909"
},
{
"date": "2013-04-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002157"
},
{
"date": "2013-04-05T21:55:00.880000",
"db": "NVD",
"id": "CVE-2013-0683"
},
{
"date": "2013-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-033"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02822"
},
{
"date": "2015-03-19T09:11:00",
"db": "BID",
"id": "58909"
},
{
"date": "2013-04-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002157"
},
{
"date": "2013-04-08T14:21:35.817000",
"db": "NVD",
"id": "CVE-2013-0683"
},
{
"date": "2013-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-033"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-033"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cogent Real-Time Systems Service disruption in products (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002157"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Configuration error",
"sources": [
{
"db": "IVD",
"id": "0388d7d4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-033"
}
],
"trust": 0.8
}
}
VAR-201304-0154
Vulnerability from variot - Updated: 2023-12-18 12:09Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 do not properly handle exceptions, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed data in a formatted text command, leading to out-of-bounds access to (1) heap or (2) stack memory. Cogent Real-Time Systems is a real-time data solutions vendor. The Cogent Real-Time Systems DataHub application receives formatted text commands in TCP link mode that are parsed, verified, and executed within the application. An attacker can exploit this issue to execute arbitrary code within the context of the affected applications. Failed exploit attempts may crash the application, denying service to legitimate users. The following Cogent Real-Time Systems products are vulnerable: Cogent DataHub 7.2.2 and prior versions OPC DataHub 6.4.21 and prior versions Cascade DataHub for Windows 6.4.21 and prior versions Cogent DataHub DataSim and DataPid demonstration clients 7.2.2 OPC DataHub DataSim and DataPid demonstration clients 6.4.21 Cascade DataHub DataSim and DataPid demonstration clients 6.4.21 DataHub QuickTrend 7.2.2 and prior versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201304-0154",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "opc datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "6.4.20"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.1"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.2"
},
{
"model": "cascade datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "6.4.20"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.1.63"
},
{
"model": "opc datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "6.4.21"
},
{
"model": "cogent datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.2.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.0.2"
},
{
"model": "cascade datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "6.4.21"
},
{
"model": "datahub quicktrend",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.2.2"
},
{
"model": "cascade datahub",
"scope": "lt",
"trust": 0.8,
"vendor": "cogent real time",
"version": "6.4.22"
},
{
"model": "datahub",
"scope": "lt",
"trust": 0.8,
"vendor": "cogent real time",
"version": "7.3.0"
},
{
"model": "datahub quicktrend",
"scope": "lt",
"trust": 0.8,
"vendor": "cogent real time",
"version": "7.3.0"
},
{
"model": "opc datahub",
"scope": "lt",
"trust": 0.8,
"vendor": "cogent real time",
"version": "6.4.22"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "real-time systems cascade datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "7.2.2"
},
{
"model": "real-time systems datahub quicktrend",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "7.2.2"
},
{
"model": "real-time systems datapid",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "7.2.2"
},
{
"model": "real-time systems datapid",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "real-time systems datasim",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "7.2.2"
},
{
"model": "real-time systems datasim",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "datahub quicktrend",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "7.2.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "7.2.2"
},
{
"model": "cascade datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "6.4.21"
},
{
"model": "opc datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "6.4.21"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6.4.20"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6.0.2"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "7.1.2"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "7.1.1.63"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.1.1.63"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.1.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "opc datahub",
"version": "6.4.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "opc datahub",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cascade datahub",
"version": "6.4.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cascade datahub",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "datahub quicktrend",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "038f53d4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02823"
},
{
"db": "BID",
"id": "58905"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002156"
},
{
"db": "NVD",
"id": "CVE-2013-0682"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-032"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:opc_datahub:6.4.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:opc_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.21",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cascade_datahub:6.4.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cascade_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.21",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:datahub_quicktrend:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0682"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dillon Beresford",
"sources": [
{
"db": "BID",
"id": "58905"
}
],
"trust": 0.3
},
"cve": "CVE-2013-0682",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-0682",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-02823",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "038f53d4-2353-11e6-abef-000c29c66e3d",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-0682",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-02823",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-032",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "038f53d4-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "038f53d4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02823"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002156"
},
{
"db": "NVD",
"id": "CVE-2013-0682"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-032"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 do not properly handle exceptions, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed data in a formatted text command, leading to out-of-bounds access to (1) heap or (2) stack memory. Cogent Real-Time Systems is a real-time data solutions vendor. The Cogent Real-Time Systems DataHub application receives formatted text commands in TCP link mode that are parsed, verified, and executed within the application. \nAn attacker can exploit this issue to execute arbitrary code within the context of the affected applications. Failed exploit attempts may crash the application, denying service to legitimate users. \nThe following Cogent Real-Time Systems products are vulnerable:\nCogent DataHub 7.2.2 and prior versions\nOPC DataHub 6.4.21 and prior versions\nCascade DataHub for Windows 6.4.21 and prior versions\nCogent DataHub DataSim and DataPid demonstration clients 7.2.2\nOPC DataHub DataSim and DataPid demonstration clients 6.4.21\nCascade DataHub DataSim and DataPid demonstration clients 6.4.21\nDataHub QuickTrend 7.2.2 and prior versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0682"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002156"
},
{
"db": "CNVD",
"id": "CNVD-2013-02823"
},
{
"db": "BID",
"id": "58905"
},
{
"db": "IVD",
"id": "038f53d4-2353-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0682",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-13-095-01",
"trust": 3.3
},
{
"db": "BID",
"id": "58905",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-02823",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201304-032",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002156",
"trust": 0.8
},
{
"db": "IVD",
"id": "038F53D4-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "038f53d4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02823"
},
{
"db": "BID",
"id": "58905"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002156"
},
{
"db": "NVD",
"id": "CVE-2013-0682"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-032"
}
]
},
"id": "VAR-201304-0154",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "038f53d4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02823"
}
],
"trust": 1.67177419
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "038f53d4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02823"
}
]
},
"last_update_date": "2023-12-18T12:09:22.891000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cogent DataHub",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/products/cogent_datahub.html"
},
{
"title": "OPC DataHub",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/products/opc_datahub.html"
},
{
"title": "Cascade DataHub",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/products/cascade_datahub.html"
},
{
"title": "DataHub QuickTrend",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/products/datahub_quicktrend.html"
},
{
"title": "Release Notes",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/releasenotes.html"
},
{
"title": "Download Software",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/contact_form.html"
},
{
"title": "TopPage",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/jp/"
},
{
"title": "Cogent Real-Time Systems DataHub Text Command Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/33174"
},
{
"title": "OPCDataHub-6.4.22-130302-Windows",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=45674"
},
{
"title": "CogentDataHub-7.3.0-130328-Windows",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=45673"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02823"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002156"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-032"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002156"
},
{
"db": "NVD",
"id": "CVE-2013-0682"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-095-01.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0682"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0682"
},
{
"trust": 0.3,
"url": "http://www.cogentdatahub.com/products/cogent_datahub.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02823"
},
{
"db": "BID",
"id": "58905"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002156"
},
{
"db": "NVD",
"id": "CVE-2013-0682"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-032"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "038f53d4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02823"
},
{
"db": "BID",
"id": "58905"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002156"
},
{
"db": "NVD",
"id": "CVE-2013-0682"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-032"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-09T00:00:00",
"db": "IVD",
"id": "038f53d4-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2013-04-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02823"
},
{
"date": "2013-04-05T00:00:00",
"db": "BID",
"id": "58905"
},
{
"date": "2013-04-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002156"
},
{
"date": "2013-04-05T21:55:00.863000",
"db": "NVD",
"id": "CVE-2013-0682"
},
{
"date": "2013-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-032"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02823"
},
{
"date": "2015-03-19T09:23:00",
"db": "BID",
"id": "58905"
},
{
"date": "2013-04-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002156"
},
{
"date": "2013-04-09T04:00:00",
"db": "NVD",
"id": "CVE-2013-0682"
},
{
"date": "2013-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-032"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-032"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cogent Real-Time Systems DataHub Text Command Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "038f53d4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02823"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "038f53d4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-032"
}
],
"trust": 0.8
}
}
VAR-201304-0152
Vulnerability from variot - Updated: 2023-12-18 12:09Stack-based buffer overflow in the web server in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP header. Cogent Real-Time Systems is a real-time data solutions vendor. An attacker can exploit this issue to execute arbitrary code within the context of the affected applications. Failed exploit attempts may crash the application, denying service to legitimate users. and prior OPC DataHub versions 6.4.21 and prior Cascade DataHub for Windows version 6.4.21 and prior Cogent DataHub DataSim and DataPid demonstration version 7.2.2 OPC DataHub DataSim and DataPid demonstration clients version 6.4.21 Cascade DataHub DataSim and DataPid demonstration clients version 6.4.21 DataHub QuickTrend version 7.2.2 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201304-0152",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "opc datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "6.4.20"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.0.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.1"
},
{
"model": "cascade datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "6.4.20"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.0"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.6,
"vendor": "cogentdatahub",
"version": "7.1.1.63"
},
{
"model": "opc datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "6.4.21"
},
{
"model": "cogent datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.2.2"
},
{
"model": "cascade datahub",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "6.4.21"
},
{
"model": "datahub quicktrend",
"scope": "lte",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.2.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 1.0,
"vendor": "cogentdatahub",
"version": "7.1.2"
},
{
"model": "cascade datahub",
"scope": "lt",
"trust": 0.8,
"vendor": "cogent real time",
"version": "6.4.22"
},
{
"model": "datahub",
"scope": "lt",
"trust": 0.8,
"vendor": "cogent real time",
"version": "7.3.0"
},
{
"model": "datahub quicktrend",
"scope": "lt",
"trust": 0.8,
"vendor": "cogent real time",
"version": "7.3.0"
},
{
"model": "opc datahub",
"scope": "lt",
"trust": 0.8,
"vendor": "cogent real time",
"version": "6.4.22"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "real-time systems cascade datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "7.2.2"
},
{
"model": "real-time systems datahub quicktrend",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "7.2.2"
},
{
"model": "real-time systems datapid",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "7.2.2"
},
{
"model": "real-time systems datapid",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "real-time systems datasim",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "7.2.2"
},
{
"model": "real-time systems datasim",
"scope": "eq",
"trust": 0.6,
"vendor": "cogent",
"version": "6.4.21"
},
{
"model": "datahub quicktrend",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "7.2.2"
},
{
"model": "cascade datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "6.4.21"
},
{
"model": "opc datahub",
"scope": "eq",
"trust": 0.6,
"vendor": "cogentdatahub",
"version": "6.4.21"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6.4.20"
},
{
"model": "real-time systems opc datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "6.0.2"
},
{
"model": "real-time systems cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogent",
"version": "7.1.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.1.1.63"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "7.1.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cogent datahub",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "opc datahub",
"version": "6.4.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "opc datahub",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cascade datahub",
"version": "6.4.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cascade datahub",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "datahub quicktrend",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "039a082e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02825"
},
{
"db": "BID",
"id": "58902"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002154"
},
{
"db": "NVD",
"id": "CVE-2013-0680"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-030"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:opc_datahub:6.4.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:opc_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.21",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cascade_datahub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.21",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:cascade_datahub:6.4.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cogentdatahub:datahub_quicktrend:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0680"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dillon Beresford",
"sources": [
{
"db": "BID",
"id": "58902"
}
],
"trust": 0.3
},
"cve": "CVE-2013-0680",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-0680",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-02825",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "039a082e-2353-11e6-abef-000c29c66e3d",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-0680",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-02825",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-030",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "039a082e-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "039a082e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02825"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002154"
},
{
"db": "NVD",
"id": "CVE-2013-0680"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-030"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the web server in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP header. Cogent Real-Time Systems is a real-time data solutions vendor. \nAn attacker can exploit this issue to execute arbitrary code within the context of the affected applications. Failed exploit attempts may crash the application, denying service to legitimate users. and prior\nOPC DataHub versions 6.4.21 and prior\nCascade DataHub for Windows version 6.4.21 and prior\nCogent DataHub DataSim and DataPid demonstration version 7.2.2\nOPC DataHub DataSim and DataPid demonstration clients version 6.4.21\nCascade DataHub DataSim and DataPid demonstration clients version 6.4.21\nDataHub QuickTrend version 7.2.2 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0680"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002154"
},
{
"db": "CNVD",
"id": "CNVD-2013-02825"
},
{
"db": "BID",
"id": "58902"
},
{
"db": "IVD",
"id": "039a082e-2353-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0680",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-13-095-01",
"trust": 3.0
},
{
"db": "BID",
"id": "58902",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-02825",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201304-030",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002154",
"trust": 0.8
},
{
"db": "IVD",
"id": "039A082E-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "039a082e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02825"
},
{
"db": "BID",
"id": "58902"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002154"
},
{
"db": "NVD",
"id": "CVE-2013-0680"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-030"
}
]
},
"id": "VAR-201304-0152",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "039a082e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02825"
}
],
"trust": 1.67177419
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "039a082e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02825"
}
]
},
"last_update_date": "2023-12-18T12:09:22.856000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DataHub QuickTrend",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/products/datahub_quicktrend.html"
},
{
"title": "Release Notes",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/releasenotes.html"
},
{
"title": "Download Software",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/contact_form.html"
},
{
"title": "Cogent DataHub",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/products/cogent_datahub.html"
},
{
"title": "OPC DataHub",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/products/opc_datahub.html"
},
{
"title": "Cascade DataHub",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/products/cascade_datahub.html"
},
{
"title": "TopPage",
"trust": 0.8,
"url": "http://www.cogentdatahub.com/jp/"
},
{
"title": "Patch for Cogent Real-Time Systems DataHub Remote Stack Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/33176"
},
{
"title": "OPCDataHub-6.4.22-130302-Windows",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=45674"
},
{
"title": "CogentDataHub-7.3.0-130328-Windows",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=45673"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02825"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002154"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-030"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002154"
},
{
"db": "NVD",
"id": "CVE-2013-0680"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-095-01.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0680"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0680"
},
{
"trust": 0.3,
"url": "http://www.cogentdatahub.com/products/cogent_datahub.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02825"
},
{
"db": "BID",
"id": "58902"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002154"
},
{
"db": "NVD",
"id": "CVE-2013-0680"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-030"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "039a082e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02825"
},
{
"db": "BID",
"id": "58902"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002154"
},
{
"db": "NVD",
"id": "CVE-2013-0680"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-030"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-09T00:00:00",
"db": "IVD",
"id": "039a082e-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2013-04-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02825"
},
{
"date": "2013-04-05T00:00:00",
"db": "BID",
"id": "58902"
},
{
"date": "2013-04-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002154"
},
{
"date": "2013-04-05T21:55:00.827000",
"db": "NVD",
"id": "CVE-2013-0680"
},
{
"date": "2013-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-030"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02825"
},
{
"date": "2013-04-05T17:08:00",
"db": "BID",
"id": "58902"
},
{
"date": "2013-04-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002154"
},
{
"date": "2013-04-09T04:00:00",
"db": "NVD",
"id": "CVE-2013-0680"
},
{
"date": "2013-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-030"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-030"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cogent Real-Time Systems DataHub Remote Stack Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "039a082e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02825"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "039a082e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-030"
}
],
"trust": 0.8
}
}
VAR-201308-0508
Vulnerability from variot - Updated: 2022-05-17 02:05Cogent DataHub is prone to an unspecified arbitrary-file-overwrite vulnerability and multiple unspecified denial-of-service vulnerabilities. Attackers can leverage these issues to overwrite arbitrary files on the victim's computer in the context of the vulnerable application, crash the application that uses the affected library, denying service to legitimate users. Limited information is currently available regarding this issue. We will update this BID as more information emerges. Versions prior to Cogent DataHub 7.3.3 are vulnerable.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201308-0508",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogentdatahub",
"version": "7.3.2"
},
{
"model": "cogent datahub",
"scope": "eq",
"trust": 0.3,
"vendor": "cogentdatahub",
"version": "7.3"
},
{
"model": "cogent datahub",
"scope": "ne",
"trust": 0.3,
"vendor": "cogentdatahub",
"version": "7.3.3"
}
],
"sources": [
{
"db": "BID",
"id": "62613"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Evgeny Legerov of Intevydis and Vendor",
"sources": [
{
"db": "BID",
"id": "62613"
}
],
"trust": 0.3
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cogent DataHub is prone to an unspecified arbitrary-file-overwrite vulnerability and multiple unspecified denial-of-service vulnerabilities.\nAttackers can leverage these issues to overwrite arbitrary files on the victim\u0027s computer in the context of the vulnerable application, crash the application that uses the affected library, denying service to legitimate users.\nLimited information is currently available regarding this issue. We will update this BID as more information emerges.\nVersions prior to Cogent DataHub 7.3.3 are vulnerable.",
"sources": [
{
"db": "BID",
"id": "62613"
}
],
"trust": 0.3
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "62613",
"trust": 0.3
}
],
"sources": [
{
"db": "BID",
"id": "62613"
}
]
},
"id": "VAR-201308-0508",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6451613
},
"last_update_date": "2022-05-17T02:05:56.368000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.3,
"url": "https://lists.immunityinc.com/pipermail/canvas/2013-september/000086.html"
},
{
"trust": 0.3,
"url": "http://www.cogentdatahub.com/products/cogent_datahub.html"
},
{
"trust": 0.3,
"url": "http://www.cogentdatahub.com/releasenotes.html"
}
],
"sources": [
{
"db": "BID",
"id": "62613"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "62613"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-30T00:00:00",
"db": "BID",
"id": "62613"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-30T00:00:00",
"db": "BID",
"id": "62613"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "62613"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cogent DataHub Unspecified Arbitrary File Overwrite and Denial Of Service Vulnerabilities",
"sources": [
{
"db": "BID",
"id": "62613"
}
],
"trust": 0.3
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "62613"
}
],
"trust": 0.3
}
}
CVE-2016-2288 (GCVE-0-2016-2288)
Vulnerability from nvd – Published: 2016-03-29 15:00 – Updated: 2024-08-05 23:24
VLAI
Summary
Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/39630/ | exploitx_refsource_EXPLOIT-DB |
| https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01 | x_refsource_MISC |
Date Public
2016-03-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39630",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39630/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "39630",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39630/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-2288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39630",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39630/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-2288",
"datePublished": "2016-03-29T15:00:00.000Z",
"dateReserved": "2016-02-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2354 (GCVE-0-2014-2354)
Vulnerability from nvd – Published: 2014-05-30 23:00 – Updated: 2025-10-03 16:34
VLAI
Title
Cogent DataHub Use of Password Hash With Insufficient Computational Effort
Summary
Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | |
| http://cogentdatahub.com/Download_Software.html | |
| http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02 | x_refsource_MISCx_transferred |
Date Public
2014-05-29 06:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DataHub",
"vendor": "Cogent",
"versions": [
{
"lessThan": "7.3.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alain Homewood"
}
],
"datePublic": "2014-05-29T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\nCogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.\n\n\u003c/p\u003e"
}
],
"value": "Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T16:34:03.154Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-149-02"
},
{
"url": "http://cogentdatahub.com/Download_Software.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCogent Real-Time Systems, Inc. has produced a new version of the \nCogent DataHub application, Version 7.3.5, that fixes three of the four \nidentified vulnerabilities. The updated version is available at the \nfollowing address:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://cogentdatahub.com/Download_Software.html\"\u003ehttp://cogentdatahub.com/Download_Software.html\u003c/a\u003e\u003c/p\u003eCogent\n has indicated that it will not be fixing the cryptographic weaknesses \nof hashed usernames and passwords because of compatibility issues with \nexisting systems. Cogent and the researcher agree that an effective \nmitigation strategy for users is to select sufficiently strong \npasswords. Cogent has indicated that password hashes can be checked for \nstrength using sites such as: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://crackstation.net/\"\u003ehttps://crackstation.net/\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Cogent Real-Time Systems, Inc. has produced a new version of the \nCogent DataHub application, Version 7.3.5, that fixes three of the four \nidentified vulnerabilities. The updated version is available at the \nfollowing address:\n\n\n http://cogentdatahub.com/Download_Software.html \n\nCogent\n has indicated that it will not be fixing the cryptographic weaknesses \nof hashed usernames and passwords because of compatibility issues with \nexisting systems. Cogent and the researcher agree that an effective \nmitigation strategy for users is to select sufficiently strong \npasswords. Cogent has indicated that password hashes can be checked for \nstrength using sites such as: https://crackstation.net/ ."
}
],
"source": {
"advisory": "ICSA-14-149-02",
"discovery": "EXTERNAL"
},
"title": "Cogent DataHub Use of Password Hash With Insufficient Computational Effort",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2354",
"datePublished": "2014-05-30T23:00:00.000Z",
"dateReserved": "2014-03-13T00:00:00.000Z",
"dateUpdated": "2025-10-03T16:34:03.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2353 (GCVE-0-2014-2353)
Vulnerability from nvd – Published: 2014-05-30 23:00 – Updated: 2025-10-03 16:30
VLAI
Title
Cogent DataHub XSS
Summary
Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | |
| http://cogentdatahub.com/Download_Software.html | |
| http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02 | x_refsource_MISCx_transferred |
Date Public
2014-05-29 06:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DataHub",
"vendor": "Cogent",
"versions": [
{
"lessThan": "7.3.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alain Homewood"
}
],
"datePublic": "2014-05-29T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nCross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\n\n\u003c/p\u003e"
}
],
"value": "Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T16:30:38.263Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-149-02"
},
{
"url": "http://cogentdatahub.com/Download_Software.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCogent Real-Time Systems, Inc. has produced a new version of the \nCogent DataHub application, Version 7.3.5, that fixes three of the four \nidentified vulnerabilities. The updated version is available at the \nfollowing address:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://cogentdatahub.com/Download_Software.html\"\u003ehttp://cogentdatahub.com/Download_Software.html\u003c/a\u003e\u003c/p\u003eCogent\n has indicated that it will not be fixing the cryptographic weaknesses \nof hashed usernames and passwords because of compatibility issues with \nexisting systems. Cogent and the researcher agree that an effective \nmitigation strategy for users is to select sufficiently strong \npasswords. Cogent has indicated that password hashes can be checked for \nstrength using sites such as: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://crackstation.net/\"\u003ehttps://crackstation.net/\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Cogent Real-Time Systems, Inc. has produced a new version of the \nCogent DataHub application, Version 7.3.5, that fixes three of the four \nidentified vulnerabilities. The updated version is available at the \nfollowing address:\n\n\n http://cogentdatahub.com/Download_Software.html \n\nCogent\n has indicated that it will not be fixing the cryptographic weaknesses \nof hashed usernames and passwords because of compatibility issues with \nexisting systems. Cogent and the researcher agree that an effective \nmitigation strategy for users is to select sufficiently strong \npasswords. Cogent has indicated that password hashes can be checked for \nstrength using sites such as: https://crackstation.net/ ."
}
],
"source": {
"advisory": "ICSA-14-149-02",
"discovery": "EXTERNAL"
},
"title": "Cogent DataHub XSS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2353",
"datePublished": "2014-05-30T23:00:00.000Z",
"dateReserved": "2014-03-13T00:00:00.000Z",
"dateUpdated": "2025-10-03T16:30:38.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2352 (GCVE-0-2014-2352)
Vulnerability from nvd – Published: 2014-05-30 23:00 – Updated: 2025-10-03 16:31
VLAI
Title
Cogent DataHub Path Traversal
Summary
The directory specifier can include designators that can be used to
traverse the directory path. Exploiting this vulnerability may enable an
attacker to access a limited number of hardcoded file types. Further
exploitation of this vulnerability may allow an attacker to cause the
web server component to enter a denial-of-service condition.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | |
| http://cogentdatahub.com/Download_Software.html | |
| http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02 | x_refsource_MISCx_transferred |
Date Public
2014-05-29 06:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DataHub",
"vendor": "Cogent",
"versions": [
{
"lessThan": "7.3.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alain Homewood"
}
],
"datePublic": "2014-05-29T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nThe directory specifier can include designators that can be used to \ntraverse the directory path. Exploiting this vulnerability may enable an\n attacker to access a limited number of hardcoded file types. Further \nexploitation of this vulnerability may allow an attacker to cause the \nweb server component to enter a denial-of-service condition.\n\n\u003c/p\u003e"
}
],
"value": "The directory specifier can include designators that can be used to \ntraverse the directory path. Exploiting this vulnerability may enable an\n attacker to access a limited number of hardcoded file types. Further \nexploitation of this vulnerability may allow an attacker to cause the \nweb server component to enter a denial-of-service condition."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T16:31:41.797Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-149-02"
},
{
"url": "http://cogentdatahub.com/Download_Software.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCogent Real-Time Systems, Inc. has produced a new version of the \nCogent DataHub application, Version 7.3.5, that fixes three of the four \nidentified vulnerabilities. The updated version is available at the \nfollowing address:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://cogentdatahub.com/Download_Software.html\"\u003ehttp://cogentdatahub.com/Download_Software.html\u003c/a\u003e\u003c/p\u003eCogent\n has indicated that it will not be fixing the cryptographic weaknesses \nof hashed usernames and passwords because of compatibility issues with \nexisting systems. Cogent and the researcher agree that an effective \nmitigation strategy for users is to select sufficiently strong \npasswords. Cogent has indicated that password hashes can be checked for \nstrength using sites such as: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://crackstation.net/\"\u003ehttps://crackstation.net/\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Cogent Real-Time Systems, Inc. has produced a new version of the \nCogent DataHub application, Version 7.3.5, that fixes three of the four \nidentified vulnerabilities. The updated version is available at the \nfollowing address:\n\n\n http://cogentdatahub.com/Download_Software.html \n\nCogent\n has indicated that it will not be fixing the cryptographic weaknesses \nof hashed usernames and passwords because of compatibility issues with \nexisting systems. Cogent and the researcher agree that an effective \nmitigation strategy for users is to select sufficiently strong \npasswords. Cogent has indicated that password hashes can be checked for \nstrength using sites such as: https://crackstation.net/ ."
}
],
"source": {
"advisory": "ICSA-14-149-02",
"discovery": "EXTERNAL"
},
"title": "Cogent DataHub Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2352",
"datePublished": "2014-05-30T23:00:00.000Z",
"dateReserved": "2014-03-13T00:00:00.000Z",
"dateUpdated": "2025-10-03T16:31:41.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3789 (GCVE-0-2014-3789)
Vulnerability from nvd – Published: 2014-05-22 23:00 – Updated: 2024-08-06 10:57
VLAI
Summary
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-246-01 | x_refsource_MISC |
| http://cogentdatahub.com/ReleaseNotes.html | x_refsource_CONFIRM |
| http://www.zerodayinitiative.com/advisories/ZDI-14-136/ | x_refsource_MISC |
| http://www.securityfocus.com/bid/67486 | vdb-entryx_refsource_BID |
Date Public
2014-05-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-246-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cogentdatahub.com/ReleaseNotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-136/"
},
{
"name": "67486",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67486"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-246-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cogentdatahub.com/ReleaseNotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-136/"
},
{
"name": "67486",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67486"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-246-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-246-01"
},
{
"name": "http://cogentdatahub.com/ReleaseNotes.html",
"refsource": "CONFIRM",
"url": "http://cogentdatahub.com/ReleaseNotes.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-136/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-136/"
},
{
"name": "67486",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67486"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3789",
"datePublished": "2014-05-22T23:00:00.000Z",
"dateReserved": "2014-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:57:17.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3788 (GCVE-0-2014-3788)
Vulnerability from nvd – Published: 2014-05-22 23:00 – Updated: 2024-08-06 10:57
VLAI
Summary
Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://cogentdatahub.com/ReleaseNotes.html | x_refsource_CONFIRM |
| http://www.zerodayinitiative.com/advisories/ZDI-14-135/ | x_refsource_MISC |
Date Public
2014-04-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cogentdatahub.com/ReleaseNotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-135/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-22T22:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cogentdatahub.com/ReleaseNotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-135/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cogentdatahub.com/ReleaseNotes.html",
"refsource": "CONFIRM",
"url": "http://cogentdatahub.com/ReleaseNotes.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-135/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-135/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3788",
"datePublished": "2014-05-22T23:00:00.000Z",
"dateReserved": "2014-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:57:17.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0683 (GCVE-0-2013-0683)
Vulnerability from nvd – Published: 2013-04-05 21:00 – Updated: 2024-09-16 23:36
VLAI
Summary
The DataSim and DataPid demonstration clients in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote servers to cause a denial of service (incorrect pointer access and client crash) via malformed data in a formatted text command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The DataSim and DataPid demonstration clients in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote servers to cause a denial of service (incorrect pointer access and client crash) via malformed data in a formatted text command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-05T21:00:00.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-0683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DataSim and DataPid demonstration clients in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote servers to cause a denial of service (incorrect pointer access and client crash) via malformed data in a formatted text command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-0683",
"datePublished": "2013-04-05T21:00:00.000Z",
"dateReserved": "2012-12-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:36:56.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2288 (GCVE-0-2016-2288)
Vulnerability from cvelistv5 – Published: 2016-03-29 15:00 – Updated: 2024-08-05 23:24
VLAI
Summary
Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/39630/ | exploitx_refsource_EXPLOIT-DB |
| https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01 | x_refsource_MISC |
Date Public
2016-03-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39630",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39630/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "39630",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39630/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-2288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39630",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39630/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-2288",
"datePublished": "2016-03-29T15:00:00.000Z",
"dateReserved": "2016-02-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2353 (GCVE-0-2014-2353)
Vulnerability from cvelistv5 – Published: 2014-05-30 23:00 – Updated: 2025-10-03 16:30
VLAI
Title
Cogent DataHub XSS
Summary
Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | |
| http://cogentdatahub.com/Download_Software.html | |
| http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02 | x_refsource_MISCx_transferred |
Date Public
2014-05-29 06:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DataHub",
"vendor": "Cogent",
"versions": [
{
"lessThan": "7.3.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alain Homewood"
}
],
"datePublic": "2014-05-29T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nCross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\n\n\u003c/p\u003e"
}
],
"value": "Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T16:30:38.263Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-149-02"
},
{
"url": "http://cogentdatahub.com/Download_Software.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCogent Real-Time Systems, Inc. has produced a new version of the \nCogent DataHub application, Version 7.3.5, that fixes three of the four \nidentified vulnerabilities. The updated version is available at the \nfollowing address:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://cogentdatahub.com/Download_Software.html\"\u003ehttp://cogentdatahub.com/Download_Software.html\u003c/a\u003e\u003c/p\u003eCogent\n has indicated that it will not be fixing the cryptographic weaknesses \nof hashed usernames and passwords because of compatibility issues with \nexisting systems. Cogent and the researcher agree that an effective \nmitigation strategy for users is to select sufficiently strong \npasswords. Cogent has indicated that password hashes can be checked for \nstrength using sites such as: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://crackstation.net/\"\u003ehttps://crackstation.net/\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Cogent Real-Time Systems, Inc. has produced a new version of the \nCogent DataHub application, Version 7.3.5, that fixes three of the four \nidentified vulnerabilities. The updated version is available at the \nfollowing address:\n\n\n http://cogentdatahub.com/Download_Software.html \n\nCogent\n has indicated that it will not be fixing the cryptographic weaknesses \nof hashed usernames and passwords because of compatibility issues with \nexisting systems. Cogent and the researcher agree that an effective \nmitigation strategy for users is to select sufficiently strong \npasswords. Cogent has indicated that password hashes can be checked for \nstrength using sites such as: https://crackstation.net/ ."
}
],
"source": {
"advisory": "ICSA-14-149-02",
"discovery": "EXTERNAL"
},
"title": "Cogent DataHub XSS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2353",
"datePublished": "2014-05-30T23:00:00.000Z",
"dateReserved": "2014-03-13T00:00:00.000Z",
"dateUpdated": "2025-10-03T16:30:38.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2354 (GCVE-0-2014-2354)
Vulnerability from cvelistv5 – Published: 2014-05-30 23:00 – Updated: 2025-10-03 16:34
VLAI
Title
Cogent DataHub Use of Password Hash With Insufficient Computational Effort
Summary
Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | |
| http://cogentdatahub.com/Download_Software.html | |
| http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02 | x_refsource_MISCx_transferred |
Date Public
2014-05-29 06:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DataHub",
"vendor": "Cogent",
"versions": [
{
"lessThan": "7.3.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alain Homewood"
}
],
"datePublic": "2014-05-29T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\nCogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.\n\n\u003c/p\u003e"
}
],
"value": "Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T16:34:03.154Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-149-02"
},
{
"url": "http://cogentdatahub.com/Download_Software.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCogent Real-Time Systems, Inc. has produced a new version of the \nCogent DataHub application, Version 7.3.5, that fixes three of the four \nidentified vulnerabilities. The updated version is available at the \nfollowing address:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://cogentdatahub.com/Download_Software.html\"\u003ehttp://cogentdatahub.com/Download_Software.html\u003c/a\u003e\u003c/p\u003eCogent\n has indicated that it will not be fixing the cryptographic weaknesses \nof hashed usernames and passwords because of compatibility issues with \nexisting systems. Cogent and the researcher agree that an effective \nmitigation strategy for users is to select sufficiently strong \npasswords. Cogent has indicated that password hashes can be checked for \nstrength using sites such as: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://crackstation.net/\"\u003ehttps://crackstation.net/\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Cogent Real-Time Systems, Inc. has produced a new version of the \nCogent DataHub application, Version 7.3.5, that fixes three of the four \nidentified vulnerabilities. The updated version is available at the \nfollowing address:\n\n\n http://cogentdatahub.com/Download_Software.html \n\nCogent\n has indicated that it will not be fixing the cryptographic weaknesses \nof hashed usernames and passwords because of compatibility issues with \nexisting systems. Cogent and the researcher agree that an effective \nmitigation strategy for users is to select sufficiently strong \npasswords. Cogent has indicated that password hashes can be checked for \nstrength using sites such as: https://crackstation.net/ ."
}
],
"source": {
"advisory": "ICSA-14-149-02",
"discovery": "EXTERNAL"
},
"title": "Cogent DataHub Use of Password Hash With Insufficient Computational Effort",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2354",
"datePublished": "2014-05-30T23:00:00.000Z",
"dateReserved": "2014-03-13T00:00:00.000Z",
"dateUpdated": "2025-10-03T16:34:03.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2352 (GCVE-0-2014-2352)
Vulnerability from cvelistv5 – Published: 2014-05-30 23:00 – Updated: 2025-10-03 16:31
VLAI
Title
Cogent DataHub Path Traversal
Summary
The directory specifier can include designators that can be used to
traverse the directory path. Exploiting this vulnerability may enable an
attacker to access a limited number of hardcoded file types. Further
exploitation of this vulnerability may allow an attacker to cause the
web server component to enter a denial-of-service condition.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | |
| http://cogentdatahub.com/Download_Software.html | |
| http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02 | x_refsource_MISCx_transferred |
Date Public
2014-05-29 06:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DataHub",
"vendor": "Cogent",
"versions": [
{
"lessThan": "7.3.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alain Homewood"
}
],
"datePublic": "2014-05-29T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nThe directory specifier can include designators that can be used to \ntraverse the directory path. Exploiting this vulnerability may enable an\n attacker to access a limited number of hardcoded file types. Further \nexploitation of this vulnerability may allow an attacker to cause the \nweb server component to enter a denial-of-service condition.\n\n\u003c/p\u003e"
}
],
"value": "The directory specifier can include designators that can be used to \ntraverse the directory path. Exploiting this vulnerability may enable an\n attacker to access a limited number of hardcoded file types. Further \nexploitation of this vulnerability may allow an attacker to cause the \nweb server component to enter a denial-of-service condition."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T16:31:41.797Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-149-02"
},
{
"url": "http://cogentdatahub.com/Download_Software.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCogent Real-Time Systems, Inc. has produced a new version of the \nCogent DataHub application, Version 7.3.5, that fixes three of the four \nidentified vulnerabilities. The updated version is available at the \nfollowing address:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://cogentdatahub.com/Download_Software.html\"\u003ehttp://cogentdatahub.com/Download_Software.html\u003c/a\u003e\u003c/p\u003eCogent\n has indicated that it will not be fixing the cryptographic weaknesses \nof hashed usernames and passwords because of compatibility issues with \nexisting systems. Cogent and the researcher agree that an effective \nmitigation strategy for users is to select sufficiently strong \npasswords. Cogent has indicated that password hashes can be checked for \nstrength using sites such as: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://crackstation.net/\"\u003ehttps://crackstation.net/\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Cogent Real-Time Systems, Inc. has produced a new version of the \nCogent DataHub application, Version 7.3.5, that fixes three of the four \nidentified vulnerabilities. The updated version is available at the \nfollowing address:\n\n\n http://cogentdatahub.com/Download_Software.html \n\nCogent\n has indicated that it will not be fixing the cryptographic weaknesses \nof hashed usernames and passwords because of compatibility issues with \nexisting systems. Cogent and the researcher agree that an effective \nmitigation strategy for users is to select sufficiently strong \npasswords. Cogent has indicated that password hashes can be checked for \nstrength using sites such as: https://crackstation.net/ ."
}
],
"source": {
"advisory": "ICSA-14-149-02",
"discovery": "EXTERNAL"
},
"title": "Cogent DataHub Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2352",
"datePublished": "2014-05-30T23:00:00.000Z",
"dateReserved": "2014-03-13T00:00:00.000Z",
"dateUpdated": "2025-10-03T16:31:41.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3789 (GCVE-0-2014-3789)
Vulnerability from cvelistv5 – Published: 2014-05-22 23:00 – Updated: 2024-08-06 10:57
VLAI
Summary
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-246-01 | x_refsource_MISC |
| http://cogentdatahub.com/ReleaseNotes.html | x_refsource_CONFIRM |
| http://www.zerodayinitiative.com/advisories/ZDI-14-136/ | x_refsource_MISC |
| http://www.securityfocus.com/bid/67486 | vdb-entryx_refsource_BID |
Date Public
2014-05-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-246-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cogentdatahub.com/ReleaseNotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-136/"
},
{
"name": "67486",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67486"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-246-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cogentdatahub.com/ReleaseNotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-136/"
},
{
"name": "67486",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67486"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-246-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-246-01"
},
{
"name": "http://cogentdatahub.com/ReleaseNotes.html",
"refsource": "CONFIRM",
"url": "http://cogentdatahub.com/ReleaseNotes.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-136/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-136/"
},
{
"name": "67486",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67486"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3789",
"datePublished": "2014-05-22T23:00:00.000Z",
"dateReserved": "2014-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:57:17.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3788 (GCVE-0-2014-3788)
Vulnerability from cvelistv5 – Published: 2014-05-22 23:00 – Updated: 2024-08-06 10:57
VLAI
Summary
Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://cogentdatahub.com/ReleaseNotes.html | x_refsource_CONFIRM |
| http://www.zerodayinitiative.com/advisories/ZDI-14-135/ | x_refsource_MISC |
Date Public
2014-04-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cogentdatahub.com/ReleaseNotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-135/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-22T22:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cogentdatahub.com/ReleaseNotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-135/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cogentdatahub.com/ReleaseNotes.html",
"refsource": "CONFIRM",
"url": "http://cogentdatahub.com/ReleaseNotes.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-135/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-135/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3788",
"datePublished": "2014-05-22T23:00:00.000Z",
"dateReserved": "2014-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:57:17.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}