RealWin < 2.1.12 Multiple Buffer Overflows

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a SCADA application that is affected
by multiple buffer overflow vulnerabilities.

Description :

The installed version of RealWin is earlier than 2.1.12 (2.1 Build
6.1.12.12) and is therefore reportedly affected by seven heap- and
stack-based buffer overflow vulnerabilities.

By sending a specially crafted sequence of packets to the application's
services listening on TCP ports 910 and 912, an unauthenticated remote
attacker can leverage these issues to crash the affected service or
to execute code on the affected host with SYSTEM-level privileges.

Note that while the vendor claims the vulnerabilities only affect the
demo version of RealWin, there is speculation that this is inaccurate
and that the encryption option in the commercial version only
mitigates the risk of attack rather than eliminating it entirely.
Given that new versions of both the demo and commercial editions are
available, we feel the prudent course of action is for the plugin to
check only the version number.
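The version-only check the description says the plugin performs, written out as an added example (this is not Tenable's plugin code). It parses a RealWin version string in either form quoted above ("2.1.12" or "2.1 Build 6.1.12.12"), compares it numerically against the fixed release, and flags anything older; the banner strings, parse_realwin_version and is_vulnerable are constructed/hypothetical names for this illustration.

```python
import re
from typing import Optional, Tuple

# Fixed release from the advisory: RealWin 2.1.12, shipped as "2.1 Build 6.1.12.12".
FIXED_VERSION = (2, 1, 12)
FIXED_BUILD = (6, 1, 12, 12)

_BANNER_RE = re.compile(
    r"\s*(\d+(?:\.\d+)*)(?:\s+Build\s+(\d+(?:\.\d+)*))?\s*", re.IGNORECASE
)


def parse_realwin_version(banner: str) -> Tuple[Tuple[int, ...], Optional[Tuple[int, ...]]]:
    """Split a RealWin version string into (version tuple, build tuple or None)."""
    m = _BANNER_RE.fullmatch(banner)
    if not m:
        raise ValueError(f"unrecognised RealWin version string: {banner!r}")
    version = tuple(int(p) for p in m.group(1).split("."))
    build = tuple(int(p) for p in m.group(2).split(".")) if m.group(2) else None
    return version, build


def _older_than(a: Tuple[int, ...], b: Tuple[int, ...]) -> bool:
    # Compare component-wise as integers (so 2.1.9 < 2.1.12, unlike a string
    # comparison) and pad the shorter tuple with zeros so that 2.1 == 2.1.0.
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def is_vulnerable(banner: str) -> bool:
    """True when the reported version is earlier than the 2.1.12 fix."""
    version, build = parse_realwin_version(banner)
    if build is not None:
        # The full build number is the most precise indicator when present.
        return _older_than(build, FIXED_BUILD)
    return _older_than(version, FIXED_VERSION)


if __name__ == "__main__":
    # Constructed sample banners, not real scan results.
    for sample in ("2.1.9", "2.1.12", "2.1 Build 6.1.10.10", "2.1 Build 6.1.12.12"):
        print(f"{sample:24} vulnerable={is_vulnerable(sample)}")
```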

See also :

http://aluigi.org/adv/realwin_2-adv.txt
http://aluigi.org/adv/realwin_3-adv.txt
http://aluigi.org/adv/realwin_4-adv.txt
http://aluigi.org/adv/realwin_5-adv.txt
http://aluigi.org/adv/realwin_6-adv.txt
http://aluigi.org/adv/realwin_7-adv.txt
http://aluigi.org/adv/realwin_8-adv.txt
http://realflex.com/news/ics-alert-11-080-04-update/
http://www.digitalbond.com/2011/04/22/friday-news-and-notes-131/

Solution :

Upgrade to RealWin version 2.1.12 (2.1 Build 6.1.12.12) or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.5
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 53543

Bugtraq ID: 46937

CVE ID: CVE-2011-1563, CVE-2011-1564