ICS-CERT: Cogent DataHub Application Vulnerability

Wednesday, January 18, 2012

Headlines

69dafe8b58066478aea48f3d0f384820

ICS-CERT is aware of a public report of multiple vulnerabilities in Cogent’s DataHub application.

These vulnerabilities include cross-site scripting and an HTTP header injection vulnerability, also known as a carriage return line feed. According to the report, Cogent Real-Times Systems Inc. has produced a patch that resolves these vulnerabilities.

Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported these vulnerabilities to JPCERT/CC.

AFFECTED PRODUCTS

• Cogent DataHub Version 7.1.2 and earlier
• OPC DataHub Version 6.4.20 and earlier
• Cascade DataHub Version 6.4.20 and earlier.

IMPACT

Successful exploitation of these vulnerabilities could result in one or more of the following:

• An arbitrary script being executed on the user's web browser
• Forged information may be displayed on the user's web browser
• An HTTP response splitting attack may be conducted.

Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation.

BACKGROUND

Cogent Real-Time Systems Inc. is a Canadian-based company that produces middleware applications that are used to interface with control systems.
According to Cogent, DataHub is deployed across several sectors including manufacturing, building automation, chemical, banking and finance, electric utilities, and others. Cogent estimates these products are used primarily in the United States and Great Britain.

VULNERABILITY OVERVIEW

CROSS-SITE SCRIPTING: A cross-site scripting vulnerability exists in the Cogent DataHub application because it lacks server-side validation of query string parameter values. Attacks that exploit these vulnerabilities require that a user visit a specially crafted URL, which injects client-side scripts into the server’s HTTP response to the client.

CVE-2012-0309 has been assigned to this vulnerability. A CVSS V2 base score of 4.3 has also been assigned.

EXPLOITABILITY

This vulnerability is remotely exploitable but may social engineering. An attacker with a low to moderate skill level could exploit these vulnerabilities. No known exploits specifically target this vulnerability.

MITIGATION

According to the report, Cogent Real-Time Systems In. has produced a patch for these vulnerabilities that can be obtained by accessing the Cogent website located here: http://www.cogentdatahub.com/Contact_Form.html and filling out the required information.

ICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.

• Minimize network exposure for all control system devices. Critical devices should not directly face the Internet.
• Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
• When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPN is only as secure as the connected devices.

The Control Systems Security Program (CSSP) also provides a section for control systems security recommended practices on the CSSP web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

In addition, ICS-CERT recommends that users take the following measures to protect themselves from social engineering attacks:

1. Do not click web links or open unsolicited attachments in e-mail messages

2. Refer to Recognizing and Avoiding Email Scams

3. Refer to Avoiding Social Engineering and Phishing Attacks for more information on avoiding e-mail scams

The full ICS-CERT advisory can be found here:

Source:  http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf

Possibly Related Articles:
15129
US-CERT
XSS SCADA Application Security Social Engineering Vulnerabilities Cross Site Scripting Advisory Critical Patch Updates ICS ICS-CERT Industrial Control Systems Kuang-Chun Hung ICST Cogent DataHub HTTP response splitting attack
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.