Details of VAR-201405-0284

ID

VAR-201405-0284

CVE

CVE-2014-2353

TITLE

Cogent Real-Time Systems DataHub Reflective Cross-Site Scripting Vulnerability

Trust: 1.0

sources: IVD: 7d725681-463f-11e9-8854-000c29342cb1 // IVD: f3cb65c4-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03446

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Cogent DataHub is software for SCADA and automation. Cogent DataHub has a reflective cross-site scripting vulnerability that allows an attacker to exploit a vulnerability to build a malicious URI, entice a user to resolve, obtain sensitive cookies, hijack a session, or perform malicious operations on the client. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Cogent DataHub 7.3.5 is vulnerable; other versions may also be affected

Trust: 2.79

sources: NVD: CVE-2014-2353 // JVNDB: JVNDB-2014-002713 // CNVD: CNVD-2014-03446 // BID: 67770 // IVD: 7d725681-463f-11e9-8854-000c29342cb1 // IVD: f3cb65c4-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 7d725681-463f-11e9-8854-000c29342cb1 // IVD: f3cb65c4-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03446

AFFECTED PRODUCTS

vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.2.2	Trust: 2.2
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.1.1.63	Trust: 2.2
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.1.1	Trust: 2.2
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.1.0	Trust: 2.2
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.0.2	Trust: 2.2
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.0	Trust: 2.2
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.3.1	Trust: 2.2
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.3.2	Trust: 2.2
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.3.3	Trust: 2.2
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.3.0	Trust: 1.6
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.1.2	Trust: 1.6
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.3.4	Trust: 1.2
vendor:	cogentdatahub	model:	cogent datahub	scope:	lte	version:	7.3.4	Trust: 1.0
vendor:	cogent real time	model:	datahub	scope:	lt	version:	7.3.5	Trust: 0.8
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.0	Trust: 0.4
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.0.2	Trust: 0.4
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.1.0	Trust: 0.4
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.1.1	Trust: 0.4
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.1.1.63	Trust: 0.4
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.1.2	Trust: 0.4
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.2.2	Trust: 0.4
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.3.0	Trust: 0.4
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.3.1	Trust: 0.4
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.3.2	Trust: 0.4
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.3.3	Trust: 0.4
vendor:	cogent datahub	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.3.5	Trust: 0.3

sources: IVD: 7d725681-463f-11e9-8854-000c29342cb1 // IVD: f3cb65c4-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03446 // BID: 67770 // JVNDB: JVNDB-2014-002713 // CNNVD: CNNVD-201405-583 // NVD: CVE-2014-2353

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2353
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2353
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-03446
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201405-583
value:	MEDIUM
Trust: 0.6
IVD:	7d725681-463f-11e9-8854-000c29342cb1
value:	MEDIUM
Trust: 0.2
IVD:	f3cb65c4-2351-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2014-2353
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-03446
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7d725681-463f-11e9-8854-000c29342cb1
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	f3cb65c4-2351-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 7d725681-463f-11e9-8854-000c29342cb1 // IVD: f3cb65c4-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03446 // JVNDB: JVNDB-2014-002713 // CNNVD: CNNVD-201405-583 // NVD: CVE-2014-2353

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2014-002713 // NVD: CVE-2014-2353

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-583

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201405-583

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002713

PATCH

title:	Release Notes	url:	http://cogentdatahub.com/ReleaseNotes.html	Trust: 0.8
title:	Patch for Cogent Real-Time Systems DataHub Reflective Cross-Site Scripting Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/46102	Trust: 0.6

sources: CNVD: CNVD-2014-03446 // JVNDB: JVNDB-2014-002713

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2353	Trust: 3.7
db:	ICS CERT	id:	ICSA-14-149-02	Trust: 3.3
db:	CNVD	id:	CNVD-2014-03446	Trust: 1.0
db:	CNNVD	id:	CNNVD-201405-583	Trust: 1.0
db:	BID	id:	67770	Trust: 0.9
db:	JVNDB	id:	JVNDB-2014-002713	Trust: 0.8
db:	IVD	id:	7D725681-463F-11E9-8854-000C29342CB1	Trust: 0.2
db:	IVD	id:	F3CB65C4-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-149-02	Trust: 3.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2353	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2353	Trust: 0.8
url:	http://cogentdatahub.com/index.html	Trust: 0.3
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-149-02#footnotee_x5ie90t	Trust: 0.3

sources: CNVD: CNVD-2014-03446 // BID: 67770 // JVNDB: JVNDB-2014-002713 // CNNVD: CNNVD-201405-583 // NVD: CVE-2014-2353

CREDITS

Alain Homewood

Trust: 0.3

sources: BID: 67770

SOURCES

db:	IVD	id:	7d725681-463f-11e9-8854-000c29342cb1
db:	IVD	id:	f3cb65c4-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-03446
db:	BID	id:	67770
db:	JVNDB	id:	JVNDB-2014-002713
db:	CNNVD	id:	CNNVD-201405-583
db:	NVD	id:	CVE-2014-2353

LAST UPDATE DATE

2024-11-23T22:35:15.817000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-03446	date:	2014-06-06T00:00:00
db:	BID	id:	67770	date:	2015-03-19T08:26:00
db:	JVNDB	id:	JVNDB-2014-002713	date:	2014-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201405-583	date:	2014-06-04T00:00:00
db:	NVD	id:	CVE-2014-2353	date:	2024-11-21T02:06:08.160

SOURCES RELEASE DATE

db:	IVD	id:	7d725681-463f-11e9-8854-000c29342cb1	date:	2014-06-06T00:00:00
db:	IVD	id:	f3cb65c4-2351-11e6-abef-000c29c66e3d	date:	2014-06-06T00:00:00
db:	CNVD	id:	CNVD-2014-03446	date:	2014-06-05T00:00:00
db:	BID	id:	67770	date:	2014-05-29T00:00:00
db:	JVNDB	id:	JVNDB-2014-002713	date:	2014-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201405-583	date:	2014-05-30T00:00:00
db:	NVD	id:	CVE-2014-2353	date:	2014-05-30T23:55:02.910