Multiple integer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via crafted (1) On_FC_MISC_FCS_MSGBROADCAST and (2) On_FC_MISC_FCS_MSGSEND packets, which trigger a heap-based buffer overflow.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-... | |||
| ADV-2011-0742 | |||
| 46937 | |||
| 17025 | |||
| 8177 | |||
| 43848 | |||
| http://aluigi.org/adv/realwin_6-adv.txt |