Cogent DataHub Vulnerabilities

CVEs (4)

Remediations

• Cogent recommends the following mitigation strategies: Turn off Ports 4502\TCP and 4503\TCP if they are not in use. This can be done in the Tunnel/Mirror properties of Datahub. If Ports 4502\TCP and 4503\TCP are in use, configure authentication on all TCP connections. Instructions for doing this are below: Remove all permissions for the special user names “TCP” and “Mirror” in the security properties of the DataHub. Create a group for users who are authorized, and allow “BasicConnectivity” for that group. The DataHub will then refuse all commands from unauthenticated TCP connections, and still allow authenticated users to connect. (http://www.cogentdatahub.com/Docs/cdh-dhsecurity.html)
• If DataHub Web Server is not being used, turn it off in the Web Server properties. If DataHub Web Server is exposed to the Internet, configure user and password authentication. (http://www.cogentdatahub.com/Docs/cdh-webcreatingpasswords.html)
• In both cases, if access to DataHub from the Internet is not required, block Ports 4502\TCP, 4503\TCP, 80\TCP, and 943\TCP at your firewall, and only allow connections on these ports from within your local area network. Upgrade to Version 7.1.2 of DataHub or Version 6.4.20 of the OPC DataHub or Cascade DataHub if running in an untrusted environment. (http://www.cogentdatahub.com/Download.html)

Affected Vendors

Affected Products (3)