CVE-2011-1563
Multiple stack-based buffer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via (1) a long username in an On_FC_CONNECT_FCS_LOGIN packet, and crafted (2) On_FC_CTAGLIST_FCS_CADDTAG, (3) On_FC_CTAGLIST_FCS_CDELTAG, (4) On_FC_CTAGLIST_FCS_ADDTAGMS, (5) On_FC_RFUSER_FCS_LOGIN, (6) unspecified "On_FC_BINFILE_FCS_*FILE", (7) On_FC_CGETTAG_FCS_GETTELEMETRY, (8) On_FC_CGETTAG_FCS_GETCHANNELTELEMETRY, (9) On_FC_CGETTAG_FCS_SETTELEMETRY, (10) On_FC_CGETTAG_FCS_SETCHANNELTELEMETRY, and (11) On_FC_SCRIPT_FCS_STARTPROG packets to port 910.
Affected products
n/a · n/a
public PoCs found — 2
exploitdb: www.exploit-db.com/exploits/17025 (unverified)
cve_reference: www.exploit-db.com/exploits/17025 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://aluigi.org/adv/realwin_2-adv.txt
http://aluigi.org/adv/realwin_3-adv.txt
http://aluigi.org/adv/realwin_4-adv.txt
http://aluigi.org/adv/realwin_5-adv.txt
http://aluigi.org/adv/realwin_7-adv.txt
http://aluigi.org/adv/realwin_8-adv.txt
http://secunia.com/advisories/43848
http://securityreason.com/securityalert/8176
http://www.exploit-db.com/exploits/17025
http://www.securityfocus.com/bid/46937
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-04.pdf
http://www.vupen.com/english/advisories/2011/0742