RealWin < 2.1.12 Multiple Buffer Overflows

Critical Nessus Plugin ID 53543


The remote Windows host contains a SCADA application that is affected by multiple buffer overflow vulnerabilities.


The installed version of RealWin is earlier than 2.1.12 (2.1 Build and thus reportedly affected by seven heap- and stack-based buffer overflow vulnerabilities.

By sending a specially crafted sequence of packets to the application's services listening on TCP ports 910 and 912, an unauthenticated remote attacker can crash the affected service or execute arbitrary code on the affected host with SYSTEM-level privileges.

Note that while the vendor claims the vulnerabilities only affect the demo version of RealWin, there is speculation that this is inaccurate and that use of an encryption option in the commercial version only serves to mitigate the risk of attack, not completely eliminate it.
Given that fixed releases of both the demo and commercial versions are available, we feel the prudent course of action is for the plugin to check only the version number.
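The version-only decision the plugin makes can be reproduced outside Nessus, for example when triaging a RealWin inventory exported from another tool. The following is an added example, not the plugin's NASL code: it parses the installed version string, compares it numerically against the fixed release 2.1.12 named above, and reports "unknown" rather than "safe" when the string cannot be parsed. The sample inventory entries are constructed for illustration; the parsing rule (take the first dotted run of numerals, so a "2.1 Build ..." style string is read as 2.1) is an assumption about the version format, not something the page states.

```python
import re
from typing import Dict, Optional, Tuple

# Fixed release as stated in the plugin description.
FIXED_VERSION = "2.1.12"

_DOTTED_NUMERALS = re.compile(r"\d+(?:\.\d+)*")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract the first dotted numeric run from a version string.

    Assumption (not from the page): strings like "2.1.11", "RealWin 2.1.11"
    or "2.1 Build ..." all carry the comparable part as the first dotted
    run of digits. Returns None when nothing numeric is present.
    """
    match = _DOTTED_NUMERALS.search(text)
    if not match:
        return None
    return tuple(int(part) for part in match.group(0).split("."))


def compare_versions(a: Tuple[int, ...], b: Tuple[int, ...]) -> int:
    """Numeric, component-wise comparison: -1 if a < b, 0 if equal, 1 if a > b.

    Shorter tuples are padded with zeros so that 2.1 == 2.1.0 and 2.1 < 2.1.12.
    Plain string comparison would get "2.1.9" vs "2.1.12" wrong, which is why
    the components are compared as integers.
    """
    width = max(len(a), len(b))
    a = a + (0,) * (width - len(a))
    b = b + (0,) * (width - len(b))
    return (a > b) - (a < b)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """Version-only check in the spirit of the plugin.

    True  -> installed version is earlier than the fixed release
    False -> installed version is the fixed release or later
    None  -> version could not be parsed; treat as unknown, never as safe
    """
    inst = parse_version(installed)
    fix = parse_version(fixed)
    if inst is None or fix is None:
        return None
    return compare_versions(inst, fix) < 0


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> verdict for an inventory of host -> reported version."""
    verdicts = {}
    for host, version in inventory.items():
        result = is_vulnerable(version)
        verdicts[host] = (
            "unknown" if result is None else "vulnerable" if result else "not vulnerable"
        )
    return verdicts


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts or scan data.
    sample = {
        "scada-01": "2.1.11",
        "scada-02": "RealWin 2.1.12",
        "scada-03": "2.1.9",        # string compare would wrongly rank this above 2.1.12
        "scada-04": "2.1 Build",    # truncated build string, read as 2.1
        "scada-05": "not installed",
    }
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```

Because the plugin is version-only, a host reporting 2.1.12 or later is treated as fixed regardless of whether ports 910 and 912 are reachable; the reachability of those ports is a separate exposure question that this check deliberately does not answer.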


Upgrade to RealWin version 2.1.12 (2.1 Build or later.

Plugin Details

Severity: Critical

ID: 53543

File Name: scada_realwin_2_1_12.nbin

Version: $Revision: 1.26 $

Type: local

Family: SCADA

Published: 2011/04/25

Modified: 2018/01/29

Dependencies: 53223

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 9.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

Required KB Items: SCADA/Apps/RealFlex/RealWin/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/04/20

Vulnerability Publication Date: 2011/03/21

Exploitable With

CANVAS (White_Phosphorus)

Core Impact

Metasploit (DATAC RealWin SCADA Server 2 On_FC_CONNECT_FCS_a_FILE Buffer Overflow)

ExploitHub (EH-11-003)

Reference Information

CVE: CVE-2011-1563, CVE-2011-1564

BID: 46937

OSVDB: 72824, 72825, 72826, 72827, 72828

EDB-ID: 17025

ICS-ALERT: 11-080-04, 11-110-01