September 13, 2011 (revised October 7, 2011)

Luigi Auriemma has disclosed publically mulitple vulnerabilities with the Cogent DataHub application.

Cogent DataHub is prone to a directory-traversal vulnerability and an information-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting the issues may allow an attacker to obtain sensitive information that could aid in further attacks.

Cogent DataHub is prone to multiple buffer-overflow and integer-overflow vulnerabilities.

Successfully exploiting these issues may allow attackers to execute arbitrary code within the context of the privileged domain (Dom0). Failed attempts will likely cause denial-of-service conditions.

Cogent has confirmed that the following products are affected:
-  Cogent DataHub ALL Version 7 until 7.1.2
-  OPC DataHug PRIOR to Version 6.4.20
-  Cascade DataHub ALL of Version 6.6.4.20

ICSA-11-280-01
ICS-ALERT-11-256-03

Vendor Homepage
DataHub Product Info
Cogent DataHub - Online Documentation

Exploit-DB ID 17884
Exploit-DB ID 17838
Exploit-DB ID 17839
Exploit-DB ID 17840
Security Focus ID 49610
Luigi Auriemma Directory Traversal PoC
Luigi Auriemma Integer Overflow PoC
Luigi Auriemma Stack Unicode Overflow PoC
Attackers can exploit the directory traversal vulnerability via a browser
Additional PoC links available in Disclosure Reference by Luigi Auriemma

CVE-2011-3493
NVD CVE-2011-3493
CVE-2011-3500
NVD CVE-2011-3500
CVE-2011-3501
NVD CVE-2011-3501
CVE-2011-3502
NVD CVE-2011-3502

Disclosure (Luigi Auriemma) Part 1 of 4
Disclosure (Luigi Auriemma) Part 2 of 4
Disclosure (Luigi Auriemma) Part 3 of 4
Disclosure (Luigi Auriemma) Part 4 of 4
Exploit-DB ID 17884
Exploit-DB ID 17838
Exploit-DB ID 17839
Exploit-DB ID 17840
Secunia Advisory #45967
Security Focus Vulnerability Info and Exploit Bugtraq ID 49610
Security Focus Vulnerability Info and Exploit Bugtraq ID 49611

Cogent Patches DataHub Holes (ISSSource)
More SCADA Vulnerabilities Hit Industry (ISSSource)