1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Cogent DataHub CVE-2014-3789

Web Attack: Cogent DataHub CVE-2014-3789

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts of leveraging a remote code execution vulnerability in Cogent Real-Time Systems DataHub which could lead to execute arbitrary code in the context of the affected application.

Additional Information

Cogent Real-Time Systems DataHub is an application for the SCADA and automation sector.

Cogent Real-Time Systems DataHub is prone to a remote code-execution vulnerability because the application fails to properly sanitize user supplied data submmited to 'GetPermissions.asp' script.

Successfully exploiting this issue will allow attackers to execute arbitrary code in the context of the affected application.

Affected

  • Versions prior to Cogent DataHub 7.3.5 are vulnerable.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube