Cogent DataHub Code Injection Vulnerability
Act Now | ICS-CERT ICSA-15-246-01 | Jun 6, 2015
Summary
Cogent DataHub versions 7.3.8 and earlier contain a code injection vulnerability (CWE-94) in input handling. An attacker can inject arbitrary code that the application executes without proper sanitization, potentially allowing remote code execution. The vendor has indicated no fix will be provided for this product. DataHub is commonly used as a data acquisition and historian platform in industrial control systems for collecting real-time data from field devices and PLCs.
What this means
What could happen
An attacker could inject and execute arbitrary code on systems running Cogent DataHub, potentially allowing them to alter real-time data values, manipulate process control logic, or disrupt data collection and reporting functions critical to plant operations.
Who's at risk
This vulnerability affects any organization using Cogent DataHub for real-time data acquisition and historian functions. Water utilities and electric utilities relying on DataHub for SCADA data collection, energy management systems, or historical data logging are at risk. Any critical historian or data gateway function using DataHub through version 7.3.8 is vulnerable.
How it could be exploited
An attacker with network access to the DataHub service could send specially crafted input containing code to the DataHub application. The application fails to properly sanitize this input before executing it, allowing the attacker to run arbitrary code with the privileges of the DataHub process.
Prerequisites
- Network access to Cogent DataHub service port/interface
- No authentication required (code injection likely occurs at an unauthenticated entry point)
- Remotely exploitable
- No authentication required
- No patch available
- High exploit probability (71% EPSS)
- Code injection allows arbitrary execution
Exploitability
High exploit probability (EPSS 71.0%)
Affected products (1)
Product | Affected Versions | Fix Status
Cogent DataHub: <=7.3.8 | ≤ 7.3.8 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Implement network-level access controls (firewall rules, air-gapping) to restrict which systems can connect to DataHub ports and services
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
WORKAROUND: Deploy a Web Application Firewall (WAF) or intrusion detection system (IDS) to monitor and block suspicious input patterns targeting DataHub
HARDENING: Disable or restrict DataHub services that are not actively required for operations
Mitigations - no patch available
Cogent DataHub: <=7.3.8 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Evaluate migration to a vendor product with active security support and regular patching
HARDENING: Monitor DataHub process behavior and system logs for signs of unauthorized code execution or unexpected process spawning
CVEs (1)