RealFlex RealWin FC_SCRIPT_FCS_STARTPROG Buffer Overflow

Added: 04/11/2011
CVE: CVE-2011-1563
BID: 46937

Background

RealWin is a Supervisory Control and Data Acquisition (SCADA) server which is distributed by DATAC.

Problem

A buffer overflow vulnerability in RealWin Server allows remote attackers to execute arbitrary commands by sending a long, specially crafted FC_SCRIPT_FCS_STARTPROG packet.

Resolution

Block access to port 910/TCP.

References

http://secunia.com/advisories/43848

Limitations

Exploit works on RealFlex RealWin SCADA System 1.6.

Platforms

Windows

Back to exploit index