OTPulse

Cogent DataHub Elevation of Privilege Vulnerability

Monitor · CVSS 7.8 · ICS-CERT ICSA-16-084-01 · Dec 26, 2016
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Cogent DataHub versions 7.3.9 and earlier contain an elevation of privilege vulnerability. A user with valid local access and non-elevated privileges can escalate permissions, potentially gaining unauthorized access to modify historian data, process setpoints, alarm thresholds, or other critical operational information. The vulnerability stems from improper privilege management controls (CWE-269).

What this means
What could happen
A user with local access to the DataHub application could escalate their privileges to gain elevated system access, potentially allowing them to modify process data, alter control logic, or disrupt operations.
Who's at risk
Organizations operating Cogent DataHub as a process historian or real-time data collection platform in water treatment, power generation, manufacturing, or other OT environments should be concerned. This affects any facility where DataHub collects or stores critical operational data or process setpoints.
How it could be exploited
An attacker with local user access to a system running DataHub could exploit privilege escalation to gain administrative or system-level permissions. They could then modify historian data, process setpoints, or configuration settings without proper authorization or audit trail.
Prerequisites
  • Local access to the DataHub system
  • Valid user account with non-elevated privileges
  • DataHub version 7.3.9 or earlier installed
No patch available · Low complexity exploitation · Requires valid user credentials
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
Cogent DataHub: <=7.3.9 | ≤ 7.3.9 | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Restrict local access to DataHub systems to authorized operations and engineering staff only; use physical access controls, local firewalls, or host-based access control lists
  • HARDENING: Implement account privilege management to ensure DataHub users operate with least privileges; regularly audit user permissions
  • HARDENING: Monitor DataHub for unauthorized privilege escalation attempts or suspicious process execution with elevated rights
Mitigations - no patch available
Cogent DataHub: <=7.3.9 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
  • HARDENING: Segment historian and data collection networks from general IT networks to limit lateral movement from compromised user accounts
  • HARDENING: Maintain a contingency plan for a DataHub outage; prepare process documentation and manual operation procedures in case emergency action is needed