ID CVE-2011-1564
Summary Multiple integer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via crafted (1) On_FC_MISC_FCS_MSGBROADCAST and (2) On_FC_MISC_FCS_MSGSEND packets, which trigger a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:realflex:realwin:1.06:*:*:*:*:*:*:*
  • cpe:2.3:a:realflex:realwin:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:realflex:realwin:2.1:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 22-09-2011 - 03:30)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 46937
exploit-db 17025
misc
secunia 43848
sreason 8177
vupen ADV-2011-0742
saint via4
  • bid 46937
    description RealFlex RealWin FC_RFUSER_FCS_LOGIN Buffer Overflow
    title datac_realwin_fcrfuserfcslogin
    type remote
  • bid 46937
    description RealFlex RealWin FC_SCRIPT_FCS_STARTPROG Buffer Overflow
    title datac_realwin_fcscriptfcsstartprog
    type remote
  • bid 46937
    description DATAC RealWin SCADA Server TAG function stack overflow
    title datac_realwin_tag_overflow
    type remote
Last major update 22-09-2011 - 03:30
Published 05-04-2011 - 15:19
Last modified 22-09-2011 - 03:30