Cogent DataHub Code Injection Vulnerability
Act Now | ICS-CERT ICSA-14-198-01 | Apr 19, 2014
Summary
Cogent DataHub versions 7.3.4 and earlier contain a code injection vulnerability (CWE-94) that allows unauthenticated remote code execution. An attacker can send crafted input that bypasses validation and executes arbitrary code within the DataHub process.
What this means
What could happen
An attacker with network access to DataHub could inject and execute arbitrary code on the server, potentially allowing them to manipulate process data, alter alarming thresholds, or disrupt data collection across your plant.
Who's at risk
Water and electric utilities using Cogent DataHub as their real-time data aggregation or historian platform are affected. This includes facilities relying on DataHub to collect SCADA data, manage process setpoints, or log operational metrics from PLCs, RTUs, and sensors.
How it could be exploited
An attacker sends a specially crafted message or input to the DataHub service that bypasses input validation. The injected code is then executed by the DataHub process with the privileges of that service, giving the attacker control over data handling and plant communications.
Prerequisites
- Network access to the DataHub service port
- No authentication required
Remotely exploitable | No authentication required | Code injection | No patch available | High EPSS score (71%)
Exploitability
High exploit probability (EPSS 71.0%)
Affected products (1)
Product | Affected Versions | Fix Status
Cogent DataHub: <=V7.3.4 | ≤ V7.3.4 | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Implement network segmentation: restrict inbound access to DataHub to only trusted engineering workstations and process servers. Use firewall rules to block unnecessary network paths.
- HARDENING: Run DataHub with a least-privilege service account (not SYSTEM or Administrator). Limit file system and registry access for the DataHub process account.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Monitor DataHub process for unexpected child process creation or code execution events. Alert on any execution of interpreters or system utilities spawned by the DataHub service.
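One way to implement the child-process monitoring described above, as an added example (not part of the advisory or any vendor tooling): it triages process-creation events that use Sysmon Event ID 1 field names. The executable name `CogentDataHub.exe`, the utility list, the allowlist parameter and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumption: executable name of the DataHub service; confirm on your install.
DATAHUB_IMAGES = {"cogentdatahub.exe"}

# Interpreters and system utilities a data-aggregation service should not launch.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "net.exe",
    "sc.exe", "schtasks.exe", "whoami.exe",
}

def image_name(path):
    """Lower-cased file name of a Windows path (ntpath works on any OS)."""
    return ntpath.basename(path or "").lower()

def triage(event, allowlist=frozenset()):
    """Return "alert" for an interpreter/utility spawned by DataHub, "review"
    for any other child not in the site allowlist, None for everything else."""
    if image_name(event.get("ParentImage")) not in DATAHUB_IMAGES:
        return None
    child = image_name(event.get("Image"))
    if child in SUSPICIOUS_CHILDREN:
        return "alert"
    return None if child in allowlist else "review"

def scan(events, allowlist=frozenset()):
    """Return (verdict, UtcTime, child, CommandLine) for each flagged event."""
    hits = []
    for ev in events:
        verdict = triage(ev, allowlist)
        if verdict:
            hits.append((verdict, ev.get("UtcTime"),
                         image_name(ev.get("Image")), ev.get("CommandLine", "")))
    return hits

# Constructed sample events; paths and times are placeholders.
HUB = r"C:\Example\DataHub\CogentDataHub.exe"
SYS = "C:\\Windows\\System32\\"
FIELDS = ("UtcTime", "ParentImage", "Image", "CommandLine")
SAMPLE_EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("2000-01-01 00:00:01", SYS + "services.exe", HUB, "CogentDataHub.exe"),
    ("2000-01-01 00:05:00", HUB, SYS + "cmd.exe", "cmd.exe /c whoami"),
    ("2000-01-01 00:06:00", HUB, r"C:\Example\unknown_tool.exe", "unknown_tool.exe"),
    ("2000-01-01 00:07:00", r"C:\Windows\explorer.exe", SYS + "cmd.exe", "cmd.exe"),
    ("2000-01-01 00:08:00", HUB.upper(), SYS + "PowerShell.exe", "powershell.exe -NoProfile"),
]]
```

Calling `scan(SAMPLE_EVENTS)` flags three of the five events; helpers the service legitimately launches at your site can be passed in `allowlist` so they stop appearing as "review".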
Mitigations - no patch available
Cogent DataHub: <=V7.3.4 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Evaluate migration to a newer data integration platform or DataHub replacement that is actively maintained and patched.
CVEs (1)