Vulnerability Note VU#222657

RealFlex RealWin HMI service buffer overflows

Original Release date: 19 Nov 2010 | Last revised: 23 Nov 2010


RealFlex RealWin 1.06 HMI service (912/tcp) contains two stack buffer overflow vulnerabilities.


RealFlex RealWin is a SCADA server package for medium and small applications designed to control and monitor real-time applications. The RealWin application runs an HMI service on port 912/tcp. This service is vulnerable to two stack-based buffer overflows. One vulnerability is caused by the use of sprintf() in the SCPC_INITIALIZE() and SCPC_INITIALIZE_RF() functions. The second vulnerability is caused by the use of strcpy() in the SCPC_TXTEVENT() function.

Further information is available in ICS_CERT Advisory ICSA-10-313-01


An attacker may be able to cause a denial of service or potentially execute arbitrary code with the privileges of the service account on to the target machine. If the service account has administrative privileges, the attacker could take complete control of a vulnerable system.


Upgrade to RealWin 2.1.10 (2.1 Build

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
RealFlex Technologies Ltd.Affected29 Oct 201012 Nov 2010
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



Luigi Auriemma publicly reported this vulnerability.

This document was written by Michael Orlando.

Other Information

  • CVE IDs: CVE-2010-4142
  • Date Public: 27 Oct 2010
  • Date First Published: 19 Nov 2010
  • Date Last Updated: 23 Nov 2010
  • Severity Metric: 12.07
  • Document Revision: 22


If you have feedback, comments, or additional information about this vulnerability, please send us email.