CVE-2010-4142 : Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a

Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_TXTEVENT packet. NOTE: it was later reported that 1.06 is also affected by one of these requests.

Published 2010-11-02 02:26:37

Updated 2010-11-04 04:00:00

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2010-4142

Probability of exploitation activity in the next 30 days: 44.49%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2010-4142

DATAC RealWin SCADA Server SCPC_INITIALIZE_RF Buffer Overflow

Disclosure Date: 2010-10-15

First seen: 2020-04-26

exploit/windows/scada/realwin_scpc_initialize_rf

This module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.0 (Build 6.1.8.10). By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Authors: - Luigi Auriemma - MC <mc@metasploit.com>

More information
DATAC RealWin SCADA Server SCPC_INITIALIZE Buffer Overflow

Disclosure Date: 2010-10-15

First seen: 2020-04-26

exploit/windows/scada/realwin_scpc_initialize

This module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.0 (Build 6.1.8.10). By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Authors: - Luigi Auriemma - MC <mc@metasploit.com>

More information
DATAC RealWin SCADA Server SCPC_TXTEVENT Buffer Overflow

Disclosure Date: 2010-11-18

First seen: 2020-04-26

exploit/windows/scada/realwin_scpc_txtevent

This module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.0 (Build 6.1.8.10). By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Authors: - Luigi Auriemma - MC <mc@metasploit

More information

CVSS scores for CVE-2010-4142

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2010-4142

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-4142

http://aluigi.org/adv/realwin_1-adv.txt

Exploit
http://www.exploit-db.com/exploits/15259

DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) - Buffer Overflow - Windows dos Exploit
Exploit
http://www.exploit-db.com/exploits/15337

DATAC RealWin SCADA Server 1.06 - Remote Buffer Overflow - Windows remote Exploit
Exploit
http://www.securityfocus.com/bid/44150

DATAC RealWin HMI Service Multiple Remote Buffer Overflow Vulnerabilities
Exploit

Products affected by CVE-2010-4142

Realflex » Realwin » Version: 2.0
cpe:2.3:a:realflex:realwin:2.0:*:*:*:*:*:*:*
Matching versions
Realflex » Realwin » Version: 1.06
cpe:2.3:a:realflex:realwin:1.06:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2010-4142

Exploit prediction scoring system (EPSS) score for CVE-2010-4142

Metasploit modules for CVE-2010-4142

DATAC RealWin SCADA Server SCPC_INITIALIZE_RF Buffer Overflow

DATAC RealWin SCADA Server SCPC_INITIALIZE Buffer Overflow

DATAC RealWin SCADA Server SCPC_TXTEVENT Buffer Overflow

CVSS scores for CVE-2010-4142

CWE ids for CVE-2010-4142

References for CVE-2010-4142

Products affected by CVE-2010-4142