CVE-2013-0682 - OpenCVE

Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 do not properly handle exceptions, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed data in a formatted text command, leading to out-of-bounds access to (1) heap or (2) stack memory.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cogentdatahub	Cascade Datahub Cogent Datahub Datahub Quicktrend Opc Datahub
Microsoft	Windows

Configuration 1 [-]

OR	cpe:2.3:a:cogentdatahub:cogent_datahub::::::::
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:cogentdatahub:opc_datahub::::::::
	cpe:2.3:a:cogentdatahub:opc_datahub:6.4.20:::::::*

Configuration 3 [-]

AND

OR	cpe:2.3:a:cogentdatahub:cascade_datahub::::::::
	cpe:2.3:a:cogentdatahub:cascade_datahub:6.4.20:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:cogentdatahub:datahub_quicktrend:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2013-04-05T21:00:00Z

Updated: 2024-09-16T23:42:06.462Z

Reserved: 2012-12-19T00:00:00Z

Link: CVE-2013-0682

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2013-04-05T21:55:00.863

Modified: 2013-04-09T04:00:00.000

Link: CVE-2013-0682

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 do not properly handle exceptions, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed data in a formatted text command, leading to out-of-bounds access to (1) heap or (2) stack memory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-04-05T21:00:00Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2013-0682", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 do not properly handle exceptions, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed data in a formatted text command, leading to out-of-bounds access to (1) heap or (2) stack memory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:33:05.495Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2013-0682", "datePublished": "2013-04-05T21:00:00Z", "dateReserved": "2012-12-19T00:00:00Z", "dateUpdated": "2024-09-16T23:42:06.462Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*", "matchCriteriaId": "295B2419-6CBA-4815-B0E8-51D5F5BCCB80", "versionEndIncluding": "7.2.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "D2DE7A08-D283-4EB3-BAAE-0BA4A8C2E088", "vulnerable": true}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "66059E64-6EB2-4F9D-BCB3-099A01C9E72A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F05AAB16-437D-4A4E-892B-9B83E47FEC24", "vulnerable": true}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "65D16B36-567F-499D-AC7B-D2CC85AD9327", "vulnerable": true}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*", "matchCriteriaId": "D8EC08FD-5473-4DB6-9828-8D007FE1E5FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F2724B2F-49B9-4423-A8D5-95B1E81DDEF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cogentdatahub:opc_datahub:*:*:*:*:*:*:*:*", "matchCriteriaId": "5AF17ED5-1959-48BD-8166-730151AE4DE7", "versionEndIncluding": "6.4.21", "vulnerable": true}, {"criteria": "cpe:2.3:a:cogentdatahub:opc_datahub:6.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "49266854-6F6B-43F1-8A2F-DE12CAC65F99", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cogentdatahub:cascade_datahub:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B53B6E6-3FA4-461E-9CCB-1797D513F84F", "versionEndIncluding": "6.4.21", "vulnerable": true}, {"criteria": "cpe:2.3:a:cogentdatahub:cascade_datahub:6.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "A4E8524E-2F62-4B01-83E7-686525DB00D2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cogentdatahub:datahub_quicktrend:*:*:*:*:*:*:*:*", "matchCriteriaId": "4472B878-C776-45F2-93EF-F4C423F2AB61", "versionEndIncluding": "7.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 do not properly handle exceptions, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed data in a formatted text command, leading to out-of-bounds access to (1) heap or (2) stack memory."}, {"lang": "es", "value": "Cogent Real-Time Systems Cogent DataHub anteriores a v7.3.0, OPC DataHub asnteriores a v6.4.22, Cascade DataHub anteriores a v6.4.22 en Windows, y DataHub QuickTrend anteriores a v7.3.0 no manejan las excepciones de forma adecuada, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo a trav\u00e9s de datos mal generados en un comando de texto formateado, conduciendo un acceso fuera del l\u00edmite a (1) memoria din\u00e1mica o (2) pila de memoria."}], "id": "CVE-2013-0682", "lastModified": "2013-04-09T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-04-05T21:55:00.863", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["US Government Resource"], "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}