Vulnerability Note VU#976484
RealFlex RealWin buffer overflow
RealFlex RealWin demo version contains a vulnerability in the way "FC_INFOTAG/SET_CONTROL" packets are processed.
RealFlex RealWin is SCADA server software that includes a Human Machine Interface (HMI) component and runs on Microsoft Windows 2000 or XP. The demo version of RealWin contains a stack-based buffer overflow in the way malicious "FC_INFOTAG/SET_CONTROL" packets are processed. According to Reversemode:
The bug is a classic stack overflow while processing a specially crafted FC_INFOTAG/SET_CONTROL packet. RealWin server accepts connections from FlewWin clients which use a proprietary protocol. We can exploit this flaw from remote without having valid credentials.
This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service.
Systems Affected
It appears that RealFlex (including RealWin and other products) was spun off from DATAC (also known as DCIL, DATAC Control International, Ltd., or DATACONLINE) and that DATAC remains a licensed distributor of RealWin and other RealFlex products.
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| DatacOnline | Affected | 13 Nov 2008 | 18 Dec 2008 |
| DatacOnline | Affected | - | 02 Dec 2008 |
| RealFlex | Affected | - | 18 Dec 2008 |
This issue was reported by Ruben Santamarta of Reversemode.
This document was written by Chris Taschner.
- CVE IDs: CVE-2008-4322
- Date Public: 26 Sep 2008
- Date First Published: 02 Dec 2008
- Date Last Updated: 13 Jan 2009
- Severity Metric: 2.47
- Document Revision: 15