ID

VAR-201304-0152


CVE

CVE-2013-0680


TITLE

Cogent Real-Time Systems DataHub Remote Stack Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: 039a082e-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02825

DESCRIPTION

Stack-based buffer overflow in the web server in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP header.

Cogent Real-Time Systems is a real-time data solutions vendor. An attacker can exploit this issue to execute arbitrary code within the context of the affected applications. Failed exploit attempts may crash the application, denying service to legitimate users.

and prior
OPC DataHub versions 6.4.21 and prior
Cascade DataHub for Windows version 6.4.21 and prior
Cogent DataHub DataSim and DataPid demonstration version 7.2.2
OPC DataHub DataSim and DataPid demonstration clients version 6.4.21
Cascade DataHub DataSim and DataPid demonstration clients version 6.4.21
DataHub QuickTrend version 7.2.2 and prior

Trust: 2.61

sources: NVD: CVE-2013-0680 // JVNDB: JVNDB-2013-002154 // CNVD: CNVD-2013-02825 // BID: 58902 // IVD: 039a082e-2353-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 039a082e-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02825

AFFECTED PRODUCTS

vendor: cogentdatahub, model: cogent datahub, scope: eq, version: 7.0

Trust: 1.6

vendor: cogentdatahub, model: cogent datahub, scope: eq, version: 7.1.1

Trust: 1.6

vendor: cogentdatahub, model: cascade datahub, scope: eq, version: 6.4.20

Trust: 1.6

vendor: cogentdatahub, model: cogent datahub, scope: eq, version: 7.1.1.63

Trust: 1.6

vendor: cogentdatahub, model: cogent datahub, scope: eq, version: 7.1.0

Trust: 1.6

vendor: cogentdatahub, model: opc datahub, scope: eq, version: 6.4.20

Trust: 1.6

vendor: cogentdatahub, model: cogent datahub, scope: eq, version: 7.0.2

Trust: 1.6

vendor: cogentdatahub, model: datahub quicktrend, scope: lte, version: 7.2.2

Trust: 1.0

vendor: cogentdatahub, model: opc datahub, scope: lte, version: 6.4.21

Trust: 1.0

vendor: cogentdatahub, model: cogent datahub, scope: lte, version: 7.2.2

Trust: 1.0

vendor: cogentdatahub, model: cogent datahub, scope: eq, version: 7.1.2

Trust: 1.0

vendor: cogentdatahub, model: cascade datahub, scope: lte, version: 6.4.21

Trust: 1.0

vendor: cogent real time, model: cascade datahub, scope: lt, version: 6.4.22

Trust: 0.8

vendor: cogent real time, model: datahub, scope: lt, version: 7.3.0

Trust: 0.8

vendor: cogent real time, model: datahub quicktrend, scope: lt, version: 7.3.0

Trust: 0.8

vendor: cogent real time, model: opc datahub, scope: lt, version: 6.4.22

Trust: 0.8

vendor: cogent, model: real-time systems opc datahub, scope: eq, version: 6.4.21

Trust: 0.6

vendor: cogent, model: real-time systems cascade datahub, scope: eq, version: 6.4.21

Trust: 0.6

vendor: cogent, model: real-time systems cogent datahub, scope: eq, version: 7.2.2

Trust: 0.6

vendor: cogent, model: real-time systems datahub quicktrend, scope: eq, version: 7.2.2

Trust: 0.6

vendor: cogent, model: real-time systems datapid, scope: eq, version: 7.2.2

Trust: 0.6

vendor: cogent, model: real-time systems datapid, scope: eq, version: 6.4.21

Trust: 0.6

vendor: cogent, model: real-time systems datasim, scope: eq, version: 7.2.2

Trust: 0.6

vendor: cogent, model: real-time systems datasim, scope: eq, version: 6.4.21

Trust: 0.6

vendor: cogentdatahub, model: datahub quicktrend, scope: eq, version: 7.2.2

Trust: 0.6

vendor: cogentdatahub, model: cascade datahub, scope: eq, version: 6.4.21

Trust: 0.6

vendor: cogentdatahub, model: opc datahub, scope: eq, version: 6.4.21

Trust: 0.6

vendor: cogent, model: real-time systems opc datahub, scope: eq, version: 6.4.20

Trust: 0.3

vendor: cogent, model: real-time systems opc datahub, scope: eq, version: 6.0.2

Trust: 0.3

vendor: cogent, model: real-time systems cogent datahub, scope: eq, version: 7.1.2

Trust: 0.3

vendor: cogent datahub, model: -, scope: eq, version: 7.0

Trust: 0.2

vendor: cogent datahub, model: -, scope: eq, version: 7.0.2

Trust: 0.2

vendor: cogent datahub, model: -, scope: eq, version: 7.1.0

Trust: 0.2

vendor: cogent datahub, model: -, scope: eq, version: 7.1.1

Trust: 0.2

vendor: cogent datahub, model: -, scope: eq, version: 7.1.1.63

Trust: 0.2

vendor: cogent datahub, model: -, scope: eq, version: 7.1.2

Trust: 0.2

vendor: cogent datahub, model: -, scope: eq, version: *

Trust: 0.2

vendor: opc datahub, model: -, scope: eq, version: 6.4.20

Trust: 0.2

vendor: opc datahub, model: -, scope: eq, version: *

Trust: 0.2

vendor: cascade datahub, model: -, scope: eq, version: 6.4.20

Trust: 0.2

vendor: cascade datahub, model: -, scope: eq, version: *

Trust: 0.2

vendor: datahub quicktrend, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 039a082e-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02825 // BID: 58902 // JVNDB: JVNDB-2013-002154 // CNNVD: CNNVD-201304-030 // NVD: CVE-2013-0680

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0680
value: HIGH

Trust: 1.0

NVD: CVE-2013-0680
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-02825
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201304-030
value: HIGH

Trust: 0.6

IVD: 039a082e-2353-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2013-0680
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-02825
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 039a082e-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 039a082e-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02825 // JVNDB: JVNDB-2013-002154 // CNNVD: CNNVD-201304-030 // NVD: CVE-2013-0680

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2013-002154 // NVD: CVE-2013-0680

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-030

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 039a082e-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201304-030

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002154

PATCH

title: DataHub QuickTrend, url: http://www.cogentdatahub.com/Products/DataHub_QuickTrend.html

Trust: 0.8

title: Release Notes, url: http://www.cogentdatahub.com/ReleaseNotes.html

Trust: 0.8

title: Download Software, url: http://www.cogentdatahub.com/Contact_Form.html

Trust: 0.8

title: Cogent DataHub, url: http://www.cogentdatahub.com/Products/Cogent_DataHub.html

Trust: 0.8

title: OPC DataHub, url: http://www.cogentdatahub.com/Products/OPC_DataHub.html

Trust: 0.8

title: Cascade DataHub, url: http://www.cogentdatahub.com/Products/Cascade_DataHub.html

Trust: 0.8

title: TopPage, url: http://www.cogentdatahub.com/jp/

Trust: 0.8

title: Patch for Cogent Real-Time Systems DataHub Remote Stack Buffer Overflow Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/33176

Trust: 0.6

title: OPCDataHub-6.4.22-130302-Windows, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45674

Trust: 0.6

title: CogentDataHub-7.3.0-130328-Windows, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45673

Trust: 0.6

sources: CNVD: CNVD-2013-02825 // JVNDB: JVNDB-2013-002154 // CNNVD: CNNVD-201304-030

EXTERNAL IDS

db: NVD, id: CVE-2013-0680

Trust: 3.5

db: ICS CERT, id: ICSA-13-095-01

Trust: 3.0

db: BID, id: 58902

Trust: 0.9

db: CNVD, id: CNVD-2013-02825

Trust: 0.8

db: CNNVD, id: CNNVD-201304-030

Trust: 0.8

db: JVNDB, id: JVNDB-2013-002154

Trust: 0.8

db: IVD, id: 039A082E-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 039a082e-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02825 // BID: 58902 // JVNDB: JVNDB-2013-002154 // CNNVD: CNNVD-201304-030 // NVD: CVE-2013-0680

REFERENCES

url:http://ics-cert.us-cert.gov/pdf/icsa-13-095-01.pdf

Trust: 3.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0680

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0680

Trust: 0.8

url:http://www.cogentdatahub.com/products/cogent_datahub.html

Trust: 0.3

sources: CNVD: CNVD-2013-02825 // BID: 58902 // JVNDB: JVNDB-2013-002154 // CNNVD: CNNVD-201304-030 // NVD: CVE-2013-0680

CREDITS

Dillon Beresford

Trust: 0.3

sources: BID: 58902

SOURCES

db: IVD, id: 039a082e-2353-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2013-02825
db: BID, id: 58902
db: JVNDB, id: JVNDB-2013-002154
db: CNNVD, id: CNNVD-201304-030
db: NVD, id: CVE-2013-0680

LAST UPDATE DATE

2024-11-23T21:55:36.490000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-02825, date: 2013-05-27T00:00:00
db: BID, id: 58902, date: 2013-04-05T17:08:00
db: JVNDB, id: JVNDB-2013-002154, date: 2013-04-09T00:00:00
db: CNNVD, id: CNNVD-201304-030, date: 2013-04-11T00:00:00
db: NVD, id: CVE-2013-0680, date: 2024-11-21T01:47:59.903

SOURCES RELEASE DATE

db: IVD, id: 039a082e-2353-11e6-abef-000c29c66e3d, date: 2013-04-09T00:00:00
db: CNVD, id: CNVD-2013-02825, date: 2013-04-09T00:00:00
db: BID, id: 58902, date: 2013-04-05T00:00:00
db: JVNDB, id: JVNDB-2013-002154, date: 2013-04-09T00:00:00
db: CNNVD, id: CNNVD-201304-030, date: 2013-04-11T00:00:00
db: NVD, id: CVE-2013-0680, date: 2013-04-05T21:55:00.827