RealFlex RealWin FC_RFUSER_FCS_LOGIN Buffer Overflow

Added: 04/01/2011
CVE: CVE-2011-1563
BID: 46937

Background

RealWin is a Supervisory Control and Data Acquisition (SCADA) server which is distributed by DATAC.

Problem

A buffer overflow vulnerability in RealWin Server allows remote attackers to execute arbitrary commands by sending a long, specially crafted FC_RFUSER_FCS_LOGIN packet.

Resolution

Block access to port 910/TCP.

References

http://secunia.com/advisories/43848

Limitations

Exploit works on RealFlex RealWin SCADA System 1.6 on Microsoft Windows Server 2003 SP2 with KB956802 and KB2393802.

Platforms

Windows 2003

Back to exploit index