Details of VAR-201405-0285

ID

VAR-201405-0285

CVE

CVE-2014-2354

TITLE

Cogent DataHub Vulnerabilities in obtaining plaintext passwords

Trust: 0.8

sources: JVNDB: JVNDB-2014-002714

DESCRIPTION

Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. Cogent DataHub is a real-time data solution for SCADA and automation software. Successful exploits will allow the local attackers to perform cryptanalysis to recover the encrypted usernames and passwords to access the system. Versions prior to Cogent DataHub 7.3.5 are vulnerable

Trust: 2.79

sources: NVD: CVE-2014-2354 // JVNDB: JVNDB-2014-002714 // CNVD: CNVD-2014-03426 // BID: 67773 // IVD: 7d7ba54f-463f-11e9-be73-000c29342cb1 // IVD: f3c8170c-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 7d7ba54f-463f-11e9-be73-000c29342cb1 // IVD: f3c8170c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03426

AFFECTED PRODUCTS

vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.0	Trust: 1.6
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.1.1	Trust: 1.6
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.3.3	Trust: 1.6
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.2.2	Trust: 1.6
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.1.1.63	Trust: 1.6
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.1.0	Trust: 1.6
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.3.1	Trust: 1.6
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.0.2	Trust: 1.6
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.3.2	Trust: 1.6
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.3.0	Trust: 1.0
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.1.2	Trust: 1.0
vendor:	cogentdatahub	model:	cogent datahub	scope:	lte	version:	7.3.4	Trust: 1.0
vendor:	cogent real time	model:	datahub	scope:	lt	version:	7.3.5	Trust: 0.8
vendor:	cogent	model:	real-time systems cogent datahub	scope:	lt	version:	7.3.5	Trust: 0.6
vendor:	cogentdatahub	model:	cogent datahub	scope:	eq	version:	7.3.4	Trust: 0.6
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.0	Trust: 0.4
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.0.2	Trust: 0.4
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.1.0	Trust: 0.4
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.1.1	Trust: 0.4
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.1.1.63	Trust: 0.4
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.1.2	Trust: 0.4
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.2.2	Trust: 0.4
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.3.0	Trust: 0.4
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.3.1	Trust: 0.4
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.3.2	Trust: 0.4
vendor:	cogent datahub	model:	-	scope:	eq	version:	7.3.3	Trust: 0.4
vendor:	cogent datahub	model:	-	scope:	eq	version:	*	Trust: 0.4

sources: IVD: 7d7ba54f-463f-11e9-be73-000c29342cb1 // IVD: f3c8170c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03426 // JVNDB: JVNDB-2014-002714 // CNNVD: CNNVD-201405-584 // NVD: CVE-2014-2354

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2354
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2354
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-03426
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201405-584
value:	MEDIUM
Trust: 0.6
IVD:	7d7ba54f-463f-11e9-be73-000c29342cb1
value:	MEDIUM
Trust: 0.2
IVD:	f3c8170c-2351-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2014-2354
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-03426
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7d7ba54f-463f-11e9-be73-000c29342cb1
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	f3c8170c-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.8

sources: JVNDB: JVNDB-2014-002714 // NVD: CVE-2014-2354

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-584

TYPE

Trust management

Trust: 1.0

sources: IVD: 7d7ba54f-463f-11e9-be73-000c29342cb1 // IVD: f3c8170c-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201405-584

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002714

PATCH

title:	Release Notes	url:	http://cogentdatahub.com/ReleaseNotes.html	Trust: 0.8
title:	Cogent Real-Time Systems DataHub Unsafe Password Hash Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/46087	Trust: 0.6

sources: CNVD: CNVD-2014-03426 // JVNDB: JVNDB-2014-002714

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2354	Trust: 3.7
db:	ICS CERT	id:	ICSA-14-149-02	Trust: 3.3
db:	CNVD	id:	CNVD-2014-03426	Trust: 1.0
db:	CNNVD	id:	CNNVD-201405-584	Trust: 1.0
db:	BID	id:	67773	Trust: 0.9
db:	JVNDB	id:	JVNDB-2014-002714	Trust: 0.8
db:	IVD	id:	7D7BA54F-463F-11E9-BE73-000C29342CB1	Trust: 0.2
db:	IVD	id:	F3C8170C-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 7d7ba54f-463f-11e9-be73-000c29342cb1 // IVD: f3c8170c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03426 // BID: 67773 // JVNDB: JVNDB-2014-002714 // CNNVD: CNNVD-201405-584 // NVD: CVE-2014-2354

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-149-02	Trust: 3.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2354	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2354	Trust: 0.8
url:	http://www.cogentdatahub.com/index.html	Trust: 0.3
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-149-02#footnotee_x5ie90t	Trust: 0.3

sources: CNVD: CNVD-2014-03426 // BID: 67773 // JVNDB: JVNDB-2014-002714 // CNNVD: CNNVD-201405-584 // NVD: CVE-2014-2354

CREDITS

Alain Homewood

Trust: 0.3

sources: BID: 67773

SOURCES

db:	IVD	id:	7d7ba54f-463f-11e9-be73-000c29342cb1
db:	IVD	id:	f3c8170c-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-03426
db:	BID	id:	67773
db:	JVNDB	id:	JVNDB-2014-002714
db:	CNNVD	id:	CNNVD-201405-584
db:	NVD	id:	CVE-2014-2354

LAST UPDATE DATE

2024-11-23T22:35:15.856000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-03426	date:	2014-06-05T00:00:00
db:	BID	id:	67773	date:	2015-03-19T09:30:00
db:	JVNDB	id:	JVNDB-2014-002714	date:	2014-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201405-584	date:	2014-06-04T00:00:00
db:	NVD	id:	CVE-2014-2354	date:	2024-11-21T02:06:08.263

SOURCES RELEASE DATE

db:	IVD	id:	7d7ba54f-463f-11e9-be73-000c29342cb1	date:	2014-06-05T00:00:00
db:	IVD	id:	f3c8170c-2351-11e6-abef-000c29c66e3d	date:	2014-06-05T00:00:00
db:	CNVD	id:	CNVD-2014-03426	date:	2014-06-04T00:00:00
db:	BID	id:	67773	date:	2014-05-30T00:00:00
db:	JVNDB	id:	JVNDB-2014-002714	date:	2014-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201405-584	date:	2014-05-30T00:00:00
db:	NVD	id:	CVE-2014-2354	date:	2014-05-30T23:55:02.987