Sign-up

ID

VAR-201304-0153


CVE

CVE-2013-0681


TITLE

plural Cogent DataHub Service disruption in products (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-002155

DESCRIPTION

Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed data in a formatted text command. Cogent Real-Time Systems is a real-time data solutions vendor. An attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users. The following Cogent Real-Time Systems products are vulnerable: Cogent DataHub 7.2.2 and prior versions OPC DataHub 6.4.21 and prior versions Cascade DataHub for Windows 6.4.21 and prior versions Cogent DataHub DataSim and DataPid demonstration clients 7.2.2 OPC DataHub DataSim and DataPid demonstration clients 6.4.21 Cascade DataHub DataSim and DataPid demonstration clients 6.4.21 DataHub QuickTrend 7.2.2 and prior versions

Trust: 2.61

sources: NVD: CVE-2013-0681 // JVNDB: JVNDB-2013-002155 // CNVD: CNVD-2013-02824 // BID: 58910 // IVD: 03949d62-2353-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 03949d62-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02824

AFFECTED PRODUCTS

vendor:cogentdatahubmodel:cascade datahubscope:eqversion:6.4.20

Trust: 1.6

vendor:cogentdatahubmodel:cogent datahubscope:eqversion:7.1.1.63

Trust: 1.6

vendor:cogentdatahubmodel:cogent datahubscope:eqversion:7.1.2

Trust: 1.6

vendor:cogentdatahubmodel:cogent datahubscope:eqversion:7.1.0

Trust: 1.6

vendor:cogentdatahubmodel:opc datahubscope:eqversion:6.4.20

Trust: 1.6

vendor:cogentdatahubmodel:cogent datahubscope:eqversion:7.0.2

Trust: 1.6

vendor:cogentdatahubmodel:cogent datahubscope:eqversion:7.1.1

Trust: 1.0

vendor:cogentdatahubmodel:datahub quicktrendscope:lteversion:7.2.2

Trust: 1.0

vendor:cogentdatahubmodel:opc datahubscope:lteversion:6.4.21

Trust: 1.0

vendor:cogentdatahubmodel:cogent datahubscope:lteversion:7.2.2

Trust: 1.0

vendor:cogentdatahubmodel:cascade datahubscope:lteversion:6.4.21

Trust: 1.0

vendor:cogentdatahubmodel:cogent datahubscope:eqversion:7.0

Trust: 1.0

vendor:cogent real timemodel:cascade datahubscope:ltversion:6.4.22

Trust: 0.8

vendor:cogent real timemodel:datahubscope:ltversion:7.3.0

Trust: 0.8

vendor:cogent real timemodel:datahub quicktrendscope:ltversion:7.3.0

Trust: 0.8

vendor:cogent real timemodel:opc datahubscope:ltversion:6.4.22

Trust: 0.8

vendor:cogentmodel:real-time systems opc datahubscope:eqversion:6.4.21

Trust: 0.6

vendor:cogentmodel:real-time systems cascade datahubscope:eqversion:6.4.21

Trust: 0.6

vendor:cogentmodel:real-time systems cogent datahubscope:eqversion:7.2.2

Trust: 0.6

vendor:cogentmodel:real-time systems datahub quicktrendscope:eqversion:7.2.2

Trust: 0.6

vendor:cogentmodel:real-time systems datapidscope:eqversion:7.2.2

Trust: 0.6

vendor:cogentmodel:real-time systems datapidscope:eqversion:6.4.21

Trust: 0.6

vendor:cogentmodel:real-time systems datasimscope:eqversion:7.2.2

Trust: 0.6

vendor:cogentmodel:real-time systems datasimscope:eqversion:6.4.21

Trust: 0.6

vendor:cogentdatahubmodel:datahub quicktrendscope:eqversion:7.2.2

Trust: 0.6

vendor:cogentdatahubmodel:cogent datahubscope:eqversion:7.2.2

Trust: 0.6

vendor:cogentdatahubmodel:cascade datahubscope:eqversion:6.4.21

Trust: 0.6

vendor:cogentdatahubmodel:opc datahubscope:eqversion:6.4.21

Trust: 0.6

vendor:cogentmodel:real-time systems opc datahubscope:eqversion:6.4.20

Trust: 0.3

vendor:cogentmodel:real-time systems opc datahubscope:eqversion:6.0.2

Trust: 0.3

vendor:cogentmodel:real-time systems opc datahubscope:eqversion:6

Trust: 0.3

vendor:cogentmodel:real-time systems cogent datahubscope:eqversion:7.1.2

Trust: 0.3

vendor:cogentmodel:real-time systems cogent datahubscope:eqversion:7.1.1.63

Trust: 0.3

vendor:cogentmodel:real-time systems cogent datahubscope:eqversion:7

Trust: 0.3

vendor:cogent datahubmodel: - scope:eqversion:7.0

Trust: 0.2

vendor:cogent datahubmodel: - scope:eqversion:7.0.2

Trust: 0.2

vendor:cogent datahubmodel: - scope:eqversion:7.1.0

Trust: 0.2

vendor:cogent datahubmodel: - scope:eqversion:7.1.1

Trust: 0.2

vendor:cogent datahubmodel: - scope:eqversion:7.1.1.63

Trust: 0.2

vendor:cogent datahubmodel: - scope:eqversion:7.1.2

Trust: 0.2

vendor:cogent datahubmodel: - scope:eqversion:*

Trust: 0.2

vendor:opc datahubmodel: - scope:eqversion:6.4.20

Trust: 0.2

vendor:opc datahubmodel: - scope:eqversion:*

Trust: 0.2

vendor:cascade datahubmodel: - scope:eqversion:6.4.20

Trust: 0.2

vendor:cascade datahubmodel: - scope:eqversion:*

Trust: 0.2

vendor:datahub quicktrendmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 03949d62-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02824 // BID: 58910 // JVNDB: JVNDB-2013-002155 // CNNVD: CNNVD-201304-031 // NVD: CVE-2013-0681

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0681
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-0681
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-02824
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201304-031
value: MEDIUM

Trust: 0.6

IVD: 03949d62-2353-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2013-0681
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-02824
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 03949d62-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 03949d62-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02824 // JVNDB: JVNDB-2013-002155 // CNNVD: CNNVD-201304-031 // NVD: CVE-2013-0681

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2013-002155 // NVD: CVE-2013-0681

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-031

TYPE

Input validation

Trust: 0.8

sources: IVD: 03949d62-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201304-031

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002155

PATCH
title:DataHub QuickTrendurl:http://www.cogentdatahub.com/Products/DataHub_QuickTrend.html
Trust: 0.8
title:Release Notesurl:http://www.cogentdatahub.com/ReleaseNotes.html
Trust: 0.8
title:Download Softwareurl:http://www.cogentdatahub.com/Contact_Form.html
Trust: 0.8
title:Cogent DataHuburl:http://www.cogentdatahub.com/Products/Cogent_DataHub.html
Trust: 0.8
title:OPC DataHuburl:http://www.cogentdatahub.com/Products/OPC_DataHub.html
Trust: 0.8
title:Cascade DataHuburl:http://www.cogentdatahub.com/Products/Cascade_DataHub.html
Trust: 0.8
title:TopPageurl:http://www.cogentdatahub.com/jp/
Trust: 0.8
title:Patch for Cogent Real-Time Systems DataHub Remote Denial of Service Vulnerability ( CNVD-2013-21838 )url:https://www.cnvd.org.cn/patchInfo/show/33175
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-02824 // 
            
            
            
            JVNDB: JVNDB-2013-002155

EXTERNAL IDS
db:NVDid:CVE-2013-0681
Trust: 3.5
db:ICS CERTid:ICSA-13-095-01
Trust: 3.3
db:BIDid:58910
Trust: 0.9
db:CNVDid:CNVD-2013-02824
Trust: 0.8
db:CNNVDid:CNNVD-201304-031
Trust: 0.8
db:JVNDBid:JVNDB-2013-002155
Trust: 0.8
db:IVDid:03949D62-2353-11E6-ABEF-000C29C66E3D
Trust: 0.2
sources:
            
            
            IVD: 03949d62-2353-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2013-02824 // 
            
            
            
            BID: 58910 // 
            
            
            
            JVNDB: JVNDB-2013-002155 // 
            
            
            
            CNNVD: CNNVD-201304-031 // 
            
            
            
            NVD: CVE-2013-0681

REFERENCES
url:http://ics-cert.us-cert.gov/pdf/icsa-13-095-01.pdf
Trust: 3.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0681
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0681
Trust: 0.8
url:http://www.cogentdatahub.com/products/cogent_datahub.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-02824 // 
            
            
            
            BID: 58910 // 
            
            
            
            JVNDB: JVNDB-2013-002155 // 
            
            
            
            CNNVD: CNNVD-201304-031 // 
            
            
            
            NVD: CVE-2013-0681

CREDITS
Dillon Beresford
Trust: 0.3
sources:
            
            
            BID: 58910

SOURCES
db:IVDid:03949d62-2353-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-02824
db:BIDid:58910
db:JVNDBid:JVNDB-2013-002155
db:CNNVDid:CNNVD-201304-031
db:NVDid:CVE-2013-0681

LAST UPDATE DATE
2024-11-23T21:55:36.526000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-02824date:2013-05-26T00:00:00
db:BIDid:58910date:2015-03-19T08:43:00
db:JVNDBid:JVNDB-2013-002155date:2013-04-09T00:00:00
db:CNNVDid:CNNVD-201304-031date:2013-04-11T00:00:00
db:NVDid:CVE-2013-0681date:2024-11-21T01:48:00.017

SOURCES RELEASE DATE
db:IVDid:03949d62-2353-11e6-abef-000c29c66e3ddate:2013-04-09T00:00:00
db:CNVDid:CNVD-2013-02824date:2013-04-09T00:00:00
db:BIDid:58910date:2013-04-05T00:00:00
db:JVNDBid:JVNDB-2013-002155date:2013-04-09T00:00:00
db:CNNVDid:CNNVD-201304-031date:2013-04-11T00:00:00
db:NVDid:CVE-2013-0681date:2013-04-05T21:55:00.847