Vulnerability Details : CVE-2011-1563
Public exploit exists!
Multiple stack-based buffer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via (1) a long username in an On_FC_CONNECT_FCS_LOGIN packet, and crafted (2) On_FC_CTAGLIST_FCS_CADDTAG, (3) On_FC_CTAGLIST_FCS_CDELTAG, (4) On_FC_CTAGLIST_FCS_ADDTAGMS, (5) On_FC_RFUSER_FCS_LOGIN, (6) unspecified "On_FC_BINFILE_FCS_*FILE", (7) On_FC_CGETTAG_FCS_GETTELEMETRY, (8) On_FC_CGETTAG_FCS_GETCHANNELTELEMETRY, (9) On_FC_CGETTAG_FCS_SETTELEMETRY, (10) On_FC_CGETTAG_FCS_SETCHANNELTELEMETRY, and (11) On_FC_SCRIPT_FCS_STARTPROG packets to port 910.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2011-1563
- cpe:2.3:a:realflex:realwin:*:*:*:*:*:*:*:*
- cpe:2.3:a:realflex:realwin:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:realflex:realwin:1.06:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1563
- 60.86%: probability of exploitation activity in the next 30 days
- ~98%: percentile, the proportion of vulnerabilities that are scored at or less than this one
Metasploit modules for CVE-2011-1563
- RealWin SCADA Server DATAC Login Buffer Overflow
  Disclosure Date: 2011-03-21
  First seen: 2020-04-26
  exploit/windows/scada/realwin_on_fcs_login
  This module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.1 (Build 6.0.10.10) or earlier. By sending a specially crafted On_FC_CONNECT_FCS_LOGIN packet containing a long username, an attacker may be able to execute -
- DATAC RealWin SCADA Server 2 On_FC_CONNECT_FCS_a_FILE Buffer Overflow
  Disclosure Date: 2011-03-21
  First seen: 2020-04-26
  exploit/windows/scada/realwin_on_fc_binfile_a
  This module exploits a vulnerability found in DATAC Control International RealWin SCADA Server 2.1 and below. By supplying a specially crafted On_FC_BINFILE_FCS_*FILE packet via port 910, RealWin will try to create a file (which would be saved to C:\Program Files\D
CVSS scores for CVE-2011-1563
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
CWE ids for CVE-2011-1563
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1563
- http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-04.pdf (US Government Resource; the link currently returns 404 - File Not Found)
- http://aluigi.org/adv/realwin_5-adv.txt (Exploit)
- http://aluigi.org/adv/realwin_3-adv.txt (Exploit)
- http://aluigi.org/adv/realwin_4-adv.txt (Exploit)
- http://www.vupen.com/english/advisories/2011/0742 (Vendor Advisory)
- http://aluigi.org/adv/realwin_7-adv.txt (Exploit)
- http://aluigi.org/adv/realwin_8-adv.txt (Exploit)
- http://www.exploit-db.com/exploits/17025 (Exploit) DATAC RealWin - Multiple Vulnerabilities - Windows dos Exploit
- http://securityreason.com/securityalert/8176 DATAC RealWin <= 2.1 (Build 6.1.10.10) stack overflow - CXSecurity.com
- http://www.securityfocus.com/bid/46937 DATAC RealWin SCADA Server Multiple Remote Buffer Overflow Vulnerabilities
- http://aluigi.org/adv/realwin_2-adv.txt (Exploit)