CVE-2013-0682

Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 do not properly handle exceptions, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed data in a formatted text command, leading to out-of-bounds access to (1) heap or (2) stack memory.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf	US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cogentdatahub:cogent_datahub::::::::
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:cogentdatahub:opc_datahub::::::::
	cpe:2.3:a:cogentdatahub:opc_datahub:6.4.20:::::::*

Configuration 3 (hide)

AND

OR	cpe:2.3:a:cogentdatahub:cascade_datahub::::::::
	cpe:2.3:a:cogentdatahub:cascade_datahub:6.4.20:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:cogentdatahub:datahub_quicktrend:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-04-05 21:55

Updated : 2024-02-04 18:16

NVD link : CVE-2013-0682

Mitre link : CVE-2013-0682

CVE.ORG link : CVE-2013-0682

JSON object : View

Products Affected

microsoft

windows

cogentdatahub

cascade_datahub
datahub_quicktrend
opc_datahub
cogent_datahub

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2013-0682", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-04-05T21:55:00.863", "references": [{"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf", "tags": ["US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 do not properly handle exceptions, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed data in a formatted text command, leading to out-of-bounds access to (1) heap or (2) stack memory."}, {"lang": "es", "value": "Cogent Real-Time Systems Cogent DataHub anteriores a v7.3.0, OPC DataHub asnteriores a v6.4.22, Cascade DataHub anteriores a v6.4.22 en Windows, y DataHub QuickTrend anteriores a v7.3.0 no manejan las excepciones de forma adecuada, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo a trav\u00e9s de datos mal generados en un comando de texto formateado, conduciendo un acceso fuera del l\u00edmite a (1) memoria din\u00e1mica o (2) pila de memoria."}], "lastModified": "2013-04-09T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "295B2419-6CBA-4815-B0E8-51D5F5BCCB80", "versionEndIncluding": "7.2.2"}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2DE7A08-D283-4EB3-BAAE-0BA4A8C2E088"}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66059E64-6EB2-4F9D-BCB3-099A01C9E72A"}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F05AAB16-437D-4A4E-892B-9B83E47FEC24"}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65D16B36-567F-499D-AC7B-D2CC85AD9327"}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8EC08FD-5473-4DB6-9828-8D007FE1E5FC"}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2724B2F-49B9-4423-A8D5-95B1E81DDEF9"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cogentdatahub:opc_datahub:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AF17ED5-1959-48BD-8166-730151AE4DE7", "versionEndIncluding": "6.4.21"}, {"criteria": "cpe:2.3:a:cogentdatahub:opc_datahub:6.4.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49266854-6F6B-43F1-8A2F-DE12CAC65F99"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cogentdatahub:cascade_datahub:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B53B6E6-3FA4-461E-9CCB-1797D513F84F", "versionEndIncluding": "6.4.21"}, {"criteria": "cpe:2.3:a:cogentdatahub:cascade_datahub:6.4.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4E8524E-2F62-4B01-83E7-686525DB00D2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cogentdatahub:datahub_quicktrend:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4472B878-C776-45F2-93EF-F4C423F2AB61", "versionEndIncluding": "7.2.2"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}