Details of VAR-201109-0186

ID

VAR-201109-0186

CVE

CVE-2011-3493

TITLE

Cogent DataHub Integer Overflow Vulnerability

Trust: 0.8

sources: IVD: 8b513ffe-1f88-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3667

DESCRIPTION

Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) register_datahub, or (4) slave commands. The software incorrectly handles the Content-Length field (-1 or 4294967295) plus one, which can cause integer overflow. Cogent DataHub is software for SCADA and automation. Cogent DataHub has server/service listening ports 4052 and 4053, except that the second port uses SSL, the first one uses plaintext. Cogent DataHub is prone to multiple buffer-overflow and integer-overflow vulnerabilities. Successfully exploiting these issues may allow attackers to execute arbitrary code within the context of the privileged domain (Dom0). Failed attempts will likely cause denial-of-service conditions. Cogent DataHub 7.1.1.63 is vulnerable; other versions may also be affected

Trust: 3.51

sources: NVD: CVE-2011-3493 // JVNDB: JVNDB-2011-002275 // CNVD: CNVD-2011-3667 // CNVD: CNVD-2011-3666 // BID: 49611 // IVD: 8b513ffe-1f88-11e6-abef-000c29c66e3d // IVD: a53a59e4-2354-11e6-abef-000c29c66e3d // IVD: 8d018fe8-1f88-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.8

AFFECTED PRODUCTS

vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.0	Trust: 1.6
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.1.1	Trust: 1.6
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.1.0	Trust: 1.6
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.0.2	Trust: 1.6
vendor:	cogent	model:	real-time systems cogent datahub	scope:	eq	version:	7.1.1.63	Trust: 1.5
vendor:	cogentdatahub	model:	cogent datahub	scope:	lte	version:	7.1.1.63	Trust: 1.0
vendor:	cogent real time	model:	datahub	scope:	lte	version:	7.1.1.63	Trust: 0.8
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.1.1.63	Trust: 0.6
vendor:	cogent	model:	real-time systems	scope:	eq	version:	*	Trust: 0.4
vendor:	cogent	model:	datahub	scope:	eq	version:	7.1.1.63	Trust: 0.4
vendor:	cogent	model:	real-time systems opc datahub	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	cogent	model:	real-time systems opc datahub	scope:	eq	version:	6	Trust: 0.3
vendor:	cogent	model:	real-time systems cogent datahub	scope:	eq	version:	7	Trust: 0.3
vendor:	cogent	model:	real-time systems cascade datahub	scope:	eq	version:	6	Trust: 0.3
vendor:	cogent	model:	real-time systems opc datahub	scope:	ne	version:	6.4.20	Trust: 0.3
vendor:	cogent	model:	real-time systems cogent datahub	scope:	ne	version:	7.1.2	Trust: 0.3
vendor:	cogent	model:	real-time systems cascade datahub	scope:	ne	version:	6.4.20	Trust: 0.3
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.0	Trust: 0.2
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.0.2	Trust: 0.2
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.1.0	Trust: 0.2
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.1.1	Trust: 0.2
vendor:	cogent datahub	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 8b513ffe-1f88-11e6-abef-000c29c66e3d // IVD: a53a59e4-2354-11e6-abef-000c29c66e3d // IVD: 8d018fe8-1f88-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3667 // CNVD: CNVD-2011-3666 // BID: 49611 // JVNDB: JVNDB-2011-002275 // CNNVD: CNNVD-201109-266 // NVD: CVE-2011-3493

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-3493
value:	HIGH
Trust: 1.0
NVD:	CVE-2011-3493
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201109-266
value:	CRITICAL
Trust: 0.6
IVD:	8b513ffe-1f88-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
IVD:	a53a59e4-2354-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
IVD:	8d018fe8-1f88-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2

nvd@nist.gov:	CVE-2011-3493
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	8b513ffe-1f88-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	a53a59e4-2354-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	8d018fe8-1f88-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 8b513ffe-1f88-11e6-abef-000c29c66e3d // IVD: a53a59e4-2354-11e6-abef-000c29c66e3d // IVD: 8d018fe8-1f88-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2011-002275 // CNNVD: CNNVD-201109-266 // NVD: CVE-2011-3493

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2011-002275 // NVD: CVE-2011-3493

THREAT TYPE

local

Trust: 0.9

sources: BID: 49611 // CNNVD: CNNVD-201109-183

TYPE

Buffer overflow

Trust: 1.8

sources: IVD: 8b513ffe-1f88-11e6-abef-000c29c66e3d // IVD: a53a59e4-2354-11e6-abef-000c29c66e3d // IVD: 8d018fe8-1f88-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201109-183 // CNNVD: CNNVD-201109-266

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-002275

PATCH

title:	Top Page	url:	http://www.cogentdatahub.com/	Trust: 0.8
title:	Top Page	url:	http://www.cogentdatahub.com/jp/	Trust: 0.8

sources: JVNDB: JVNDB-2011-002275

EXTERNAL IDS

db:	NVD	id:	CVE-2011-3493	Trust: 3.3
db:	ICS CERT ALERT	id:	ICS-ALERT-11-256-03	Trust: 2.4
db:	BID	id:	49611	Trust: 2.1
db:	CNNVD	id:	CNNVD-201109-266	Trust: 1.2
db:	ICS CERT	id:	ICSA-11-280-01	Trust: 1.1
db:	CNVD	id:	CNVD-2011-3667	Trust: 0.8
db:	CNVD	id:	CNVD-2011-3666	Trust: 0.8
db:	JVNDB	id:	JVNDB-2011-002275	Trust: 0.8
db:	CNNVD	id:	CNNVD-201109-183	Trust: 0.6
db:	IVD	id:	8B513FFE-1F88-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	A53A59E4-2354-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	8D018FE8-1F88-11E6-ABEF-000C29C66E3D	Trust: 0.2

REFERENCES

url:	http://aluigi.altervista.org/adv/cogent_1-adv.txt	Trust: 2.5
url:	http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-03.pdf	Trust: 2.4
url:	http://www.us-cert.gov/control_systems/pdf/icsa-11-280-01.pdf	Trust: 1.1
url:	http://aluigi.altervista.org/adv/cogent_3-adv.txt	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3493	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3493	Trust: 0.8
url:	http://www.securityfocus.com/bid/49611	Trust: 0.6
url:	http://www.cogentdatahub.com/products/cogent_datahub.html	Trust: 0.3
url:	http://aluigi.org/poc/cogent_3.dat	Trust: 0.3
url:	http://aluigi.org/poc/cogent_1.dat	Trust: 0.3

sources: CNVD: CNVD-2011-3667 // CNVD: CNVD-2011-3666 // BID: 49611 // JVNDB: JVNDB-2011-002275 // CNNVD: CNNVD-201109-183 // CNNVD: CNNVD-201109-266 // NVD: CVE-2011-3493

CREDITS

Luigi Auriemma

Trust: 0.9

sources: BID: 49611 // CNNVD: CNNVD-201109-183

SOURCES

db:	IVD	id:	8b513ffe-1f88-11e6-abef-000c29c66e3d
db:	IVD	id:	a53a59e4-2354-11e6-abef-000c29c66e3d
db:	IVD	id:	8d018fe8-1f88-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2011-3667
db:	CNVD	id:	CNVD-2011-3666
db:	BID	id:	49611
db:	JVNDB	id:	JVNDB-2011-002275
db:	CNNVD	id:	CNNVD-201109-183
db:	CNNVD	id:	CNNVD-201109-266
db:	NVD	id:	CVE-2011-3493

LAST UPDATE DATE

2024-08-14T13:49:07.207000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-3667	date:	2011-09-15T00:00:00
db:	CNVD	id:	CNVD-2011-3666	date:	2011-09-15T00:00:00
db:	BID	id:	49611	date:	2015-03-19T08:47:00
db:	JVNDB	id:	JVNDB-2011-002275	date:	2012-02-03T00:00:00
db:	CNNVD	id:	CNNVD-201109-183	date:	2011-09-15T00:00:00
db:	CNNVD	id:	CNNVD-201109-266	date:	2011-09-19T00:00:00
db:	NVD	id:	CVE-2011-3493	date:	2012-06-04T04:00:00

SOURCES RELEASE DATE

db:	IVD	id:	8b513ffe-1f88-11e6-abef-000c29c66e3d	date:	2011-09-15T00:00:00
db:	IVD	id:	a53a59e4-2354-11e6-abef-000c29c66e3d	date:	2011-09-19T00:00:00
db:	IVD	id:	8d018fe8-1f88-11e6-abef-000c29c66e3d	date:	2011-09-15T00:00:00
db:	CNVD	id:	CNVD-2011-3667	date:	2011-09-15T00:00:00
db:	CNVD	id:	CNVD-2011-3666	date:	2011-09-15T00:00:00
db:	BID	id:	49611	date:	2011-09-13T00:00:00
db:	JVNDB	id:	JVNDB-2011-002275	date:	2011-09-30T00:00:00
db:	CNNVD	id:	CNNVD-201109-183	date:	1900-01-01T00:00:00
db:	CNNVD	id:	CNNVD-201109-266	date:	2011-09-19T00:00:00
db:	NVD	id:	CVE-2011-3493	date:	2011-09-16T14:28:13.107