Sign-up

ID

VAR-201304-0154


CVE

CVE-2013-0682


TITLE

Cogent Real-Time Systems DataHub Text Command Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: 038f53d4-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02823

DESCRIPTION

Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 do not properly handle exceptions, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed data in a formatted text command, leading to out-of-bounds access to (1) heap or (2) stack memory. Cogent Real-Time Systems is a real-time data solutions vendor. The Cogent Real-Time Systems DataHub application receives formatted text commands in TCP link mode that are parsed, verified, and executed within the application. An attacker can exploit this issue to execute arbitrary code within the context of the affected applications. Failed exploit attempts may crash the application, denying service to legitimate users. The following Cogent Real-Time Systems products are vulnerable: Cogent DataHub 7.2.2 and prior versions OPC DataHub 6.4.21 and prior versions Cascade DataHub for Windows 6.4.21 and prior versions Cogent DataHub DataSim and DataPid demonstration clients 7.2.2 OPC DataHub DataSim and DataPid demonstration clients 6.4.21 Cascade DataHub DataSim and DataPid demonstration clients 6.4.21 DataHub QuickTrend 7.2.2 and prior versions

Trust: 2.61

sources: NVD: CVE-2013-0682 // JVNDB: JVNDB-2013-002156 // CNVD: CNVD-2013-02823 // BID: 58905 // IVD: 038f53d4-2353-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 038f53d4-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02823

AFFECTED PRODUCTS

vendor:cogentdatahubmodel:cogent datahubscope:eqversion:7.1.1

Trust: 1.6

vendor:cogentdatahubmodel:cascade datahubscope:eqversion:6.4.20

Trust: 1.6

vendor:cogentdatahubmodel:cogent datahubscope:eqversion:7.1.1.63

Trust: 1.6

vendor:cogentdatahubmodel:cogent datahubscope:eqversion:7.1.2

Trust: 1.6

vendor:cogentdatahubmodel:cogent datahubscope:eqversion:7.1.0

Trust: 1.6

vendor:cogentdatahubmodel:opc datahubscope:eqversion:6.4.20

Trust: 1.6

vendor:cogentdatahubmodel:datahub quicktrendscope:lteversion:7.2.2

Trust: 1.0

vendor:cogentdatahubmodel:opc datahubscope:lteversion:6.4.21

Trust: 1.0

vendor:cogentdatahubmodel:cogent datahubscope:lteversion:7.2.2

Trust: 1.0

vendor:cogentdatahubmodel:cascade datahubscope:lteversion:6.4.21

Trust: 1.0

vendor:cogentdatahubmodel:cogent datahubscope:eqversion:7.0.2

Trust: 1.0

vendor:cogentdatahubmodel:cogent datahubscope:eqversion:7.0

Trust: 1.0

vendor:cogent real timemodel:cascade datahubscope:ltversion:6.4.22

Trust: 0.8

vendor:cogent real timemodel:datahubscope:ltversion:7.3.0

Trust: 0.8

vendor:cogent real timemodel:datahub quicktrendscope:ltversion:7.3.0

Trust: 0.8

vendor:cogent real timemodel:opc datahubscope:ltversion:6.4.22

Trust: 0.8

vendor:cogentmodel:real-time systems opc datahubscope:eqversion:6.4.21

Trust: 0.6

vendor:cogentmodel:real-time systems cascade datahubscope:eqversion:6.4.21

Trust: 0.6

vendor:cogentmodel:real-time systems cogent datahubscope:eqversion:7.2.2

Trust: 0.6

vendor:cogentmodel:real-time systems datahub quicktrendscope:eqversion:7.2.2

Trust: 0.6

vendor:cogentmodel:real-time systems datapidscope:eqversion:7.2.2

Trust: 0.6

vendor:cogentmodel:real-time systems datapidscope:eqversion:6.4.21

Trust: 0.6

vendor:cogentmodel:real-time systems datasimscope:eqversion:7.2.2

Trust: 0.6

vendor:cogentmodel:real-time systems datasimscope:eqversion:6.4.21

Trust: 0.6

vendor:cogentdatahubmodel:datahub quicktrendscope:eqversion:7.2.2

Trust: 0.6

vendor:cogentdatahubmodel:cogent datahubscope:eqversion:7.2.2

Trust: 0.6

vendor:cogentdatahubmodel:cascade datahubscope:eqversion:6.4.21

Trust: 0.6

vendor:cogentdatahubmodel:opc datahubscope:eqversion:6.4.21

Trust: 0.6

vendor:cogentmodel:real-time systems opc datahubscope:eqversion:6.4.20

Trust: 0.3

vendor:cogentmodel:real-time systems opc datahubscope:eqversion:6.0.2

Trust: 0.3

vendor:cogentmodel:real-time systems opc datahubscope:eqversion:6

Trust: 0.3

vendor:cogentmodel:real-time systems cogent datahubscope:eqversion:7.1.2

Trust: 0.3

vendor:cogentmodel:real-time systems cogent datahubscope:eqversion:7.1.1.63

Trust: 0.3

vendor:cogentmodel:real-time systems cogent datahubscope:eqversion:7

Trust: 0.3

vendor:cogent datahubmodel: - scope:eqversion:7.0

Trust: 0.2

vendor:cogent datahubmodel: - scope:eqversion:7.0.2

Trust: 0.2

vendor:cogent datahubmodel: - scope:eqversion:7.1.0

Trust: 0.2

vendor:cogent datahubmodel: - scope:eqversion:7.1.1

Trust: 0.2

vendor:cogent datahubmodel: - scope:eqversion:7.1.1.63

Trust: 0.2

vendor:cogent datahubmodel: - scope:eqversion:7.1.2

Trust: 0.2

vendor:cogent datahubmodel: - scope:eqversion:*

Trust: 0.2

vendor:opc datahubmodel: - scope:eqversion:6.4.20

Trust: 0.2

vendor:opc datahubmodel: - scope:eqversion:*

Trust: 0.2

vendor:cascade datahubmodel: - scope:eqversion:6.4.20

Trust: 0.2

vendor:cascade datahubmodel: - scope:eqversion:*

Trust: 0.2

vendor:datahub quicktrendmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 038f53d4-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02823 // BID: 58905 // JVNDB: JVNDB-2013-002156 // CNNVD: CNNVD-201304-032 // NVD: CVE-2013-0682

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0682
value: HIGH

Trust: 1.0

NVD: CVE-2013-0682
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-02823
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201304-032
value: HIGH

Trust: 0.6

IVD: 038f53d4-2353-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2013-0682
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-02823
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 038f53d4-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 038f53d4-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02823 // JVNDB: JVNDB-2013-002156 // CNNVD: CNNVD-201304-032 // NVD: CVE-2013-0682

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2013-002156 // NVD: CVE-2013-0682

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-032

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 038f53d4-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201304-032

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002156

PATCH
title:Cogent DataHuburl:http://www.cogentdatahub.com/Products/Cogent_DataHub.html
Trust: 0.8
title:OPC DataHuburl:http://www.cogentdatahub.com/Products/OPC_DataHub.html
Trust: 0.8
title:Cascade DataHuburl:http://www.cogentdatahub.com/Products/Cascade_DataHub.html
Trust: 0.8
title:DataHub QuickTrendurl:http://www.cogentdatahub.com/Products/DataHub_QuickTrend.html
Trust: 0.8
title:Release Notesurl:http://www.cogentdatahub.com/ReleaseNotes.html
Trust: 0.8
title:Download Softwareurl:http://www.cogentdatahub.com/Contact_Form.html
Trust: 0.8
title:TopPageurl:http://www.cogentdatahub.com/jp/
Trust: 0.8
title:Cogent Real-Time Systems DataHub Text Command Buffer Overflow Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/33174
Trust: 0.6
title:OPCDataHub-6.4.22-130302-Windowsurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45674
Trust: 0.6
title:CogentDataHub-7.3.0-130328-Windowsurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45673
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-02823 // 
            
            
            
            JVNDB: JVNDB-2013-002156 // 
            
            
            
            CNNVD: CNNVD-201304-032

EXTERNAL IDS
db:NVDid:CVE-2013-0682
Trust: 3.5
db:ICS CERTid:ICSA-13-095-01
Trust: 3.3
db:BIDid:58905
Trust: 0.9
db:CNVDid:CNVD-2013-02823
Trust: 0.8
db:CNNVDid:CNNVD-201304-032
Trust: 0.8
db:JVNDBid:JVNDB-2013-002156
Trust: 0.8
db:IVDid:038F53D4-2353-11E6-ABEF-000C29C66E3D
Trust: 0.2
sources:
            
            
            IVD: 038f53d4-2353-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2013-02823 // 
            
            
            
            BID: 58905 // 
            
            
            
            JVNDB: JVNDB-2013-002156 // 
            
            
            
            CNNVD: CNNVD-201304-032 // 
            
            
            
            NVD: CVE-2013-0682

REFERENCES
url:http://ics-cert.us-cert.gov/pdf/icsa-13-095-01.pdf
Trust: 3.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0682
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0682
Trust: 0.8
url:http://www.cogentdatahub.com/products/cogent_datahub.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-02823 // 
            
            
            
            BID: 58905 // 
            
            
            
            JVNDB: JVNDB-2013-002156 // 
            
            
            
            CNNVD: CNNVD-201304-032 // 
            
            
            
            NVD: CVE-2013-0682

CREDITS
Dillon Beresford
Trust: 0.3
sources:
            
            
            BID: 58905

SOURCES
db:IVDid:038f53d4-2353-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-02823
db:BIDid:58905
db:JVNDBid:JVNDB-2013-002156
db:CNNVDid:CNNVD-201304-032
db:NVDid:CVE-2013-0682

LAST UPDATE DATE
2024-11-23T21:55:36.562000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-02823date:2013-05-17T00:00:00
db:BIDid:58905date:2015-03-19T09:23:00
db:JVNDBid:JVNDB-2013-002156date:2013-04-09T00:00:00
db:CNNVDid:CNNVD-201304-032date:2013-04-07T00:00:00
db:NVDid:CVE-2013-0682date:2024-11-21T01:48:00.127

SOURCES RELEASE DATE
db:IVDid:038f53d4-2353-11e6-abef-000c29c66e3ddate:2013-04-09T00:00:00
db:CNVDid:CNVD-2013-02823date:2013-04-09T00:00:00
db:BIDid:58905date:2013-04-05T00:00:00
db:JVNDBid:JVNDB-2013-002156date:2013-04-09T00:00:00
db:CNNVDid:CNNVD-201304-032date:2013-04-07T00:00:00
db:NVDid:CVE-2013-0682date:2013-04-05T21:55:00.863