search menu icon-carat-right cmu-wordmark

CERT Coordination Center


RealFlex RealWin HMI service buffer overflows

Vulnerability Note VU#222657

Original Release Date: 2010-11-19 | Last Revised: 2010-11-23

Overview

RealFlex RealWin 1.06 HMI service (912/tcp) contains two stack buffer overflow vulnerabilities.

Description

RealFlex RealWin is a SCADA server package for medium and small applications designed to control and monitor real-time applications. The RealWin application runs an HMI service on port 912/tcp. This service is vulnerable to two stack-based buffer overflows. One vulnerability is caused by the use of sprintf() in the SCPC_INITIALIZE() and SCPC_INITIALIZE_RF() functions. The second vulnerability is caused by the use of strcpy() in the SCPC_TXTEVENT() function.

Further information is available in ICS_CERT Advisory ICSA-10-313-01

Impact

An attacker may be able to cause a denial of service or potentially execute arbitrary code with the privileges of the service account on to the target machine. If the service account has administrative privileges, the attacker could take complete control of a vulnerable system.

Solution

Upgrade to RealWin 2.1.10 (2.1 Build 6.1.10.10).

Vendor Information

222657
Expand all

RealFlex Technologies Ltd.

Notified:  October 29, 2010 Updated:  November 12, 2010

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Upgrade to RealWin 2.1.10 (2.1 Build 6.1.10.10).

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

Luigi Auriemma publicly reported this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: CVE-2010-4142
Severity Metric: 12.07
Date Public: 2010-10-27
Date First Published: 2010-11-19
Date Last Updated: 2010-11-23 19:25 UTC
Document Revision: 22

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.