Cogent DataHub Vulnerabilities

Low RiskICS-CERT ICSA-14-149-02Mar 1, 2014

Summary

Cogent DataHub versions prior to 7.3.5 contain multiple vulnerabilities including cross-site scripting (CWE-80), directory traversal (CWE-22), and weak password hashing (CWE-916). These flaws allow attackers to inject malicious code, access restricted files, or attempt unauthorized access to historian and control data without requiring strong authentication. No vendor fix is available; the product is end-of-life.

What this means

What could happen

An attacker could inject malicious code, traverse directories to access sensitive files, or bypass authentication checks on the DataHub server, potentially compromising industrial process data or control logic.

Who's at risk

Water utilities, electric utilities, and manufacturing facilities using Cogent DataHub for historian, data logging, or supervisory data collection. Any organization running DataHub versions prior to 7.3.5 is affected, particularly those with publicly routable or poorly segmented industrial networks.

How it could be exploited

An attacker with network access to the DataHub service could exploit CWE-80 (cross-site scripting), CWE-22 (directory traversal), or CWE-916 (use of password hash with insufficient computational effort) to inject code, read restricted files, or crack weak password hashes and gain unauthorized access to the system.

Prerequisites

Network access to DataHub service port
No authentication required for some vulnerability vectors

remotely exploitableno patch availablelow complexityaffects data historian / supervisory systems

Exploitability

Low exploit probability (EPSS 0.5%)

Affected products (1)

ProductAffected VersionsFix Status

DataHub: <7.3.5<7.3.5No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGIsolate DataHub servers from untrusted networks using firewall rules; restrict access to known engineering workstations and control systems only

WORKAROUNDDisable or restrict any web interface or remote access features on DataHub if not actively used for operations

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor DataHub logs for suspicious activity, unusual file access patterns, or failed authentication attempts

Mitigations - no patch available

0/1

DataHub: <7.3.5 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGPlan migration to a newer version of DataHub or an alternative data historian that receives vendor security updates

CVEs (3)

CVE-2014-2353 CVE-2014-2352 CVE-2014-2354

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/0d2ce96c-ef8a-45df-a0fa-0f8444464ab0