RealWin < 2.1.12 Multiple Buffer Overflows

critical Nessus Plugin ID 53543

Synopsis

The remote Windows host contains a SCADA application that is affected by multiple buffer overflow vulnerabilities.

Description

The installed version of RealWin is earlier than 2.1.12 (2.1 Build 6.1.12.12) and is therefore reportedly affected by seven heap- and stack-based buffer overflow vulnerabilities.

By sending a specially crafted sequence of packets to the application's services listening on TCP ports 910 and 912, an unauthenticated remote attacker can exploit these issues to crash the affected service or to execute arbitrary code on the affected host with SYSTEM-level privileges.

Note that while the vendor claims the vulnerabilities only affect the demo version of RealWin, there is speculation that this is inaccurate and that the encryption option in the commercial version only mitigates the risk of attack rather than eliminating it.
Given that fixed releases of both the demo and commercial versions are available, the prudent course of action is for the plugin to check only the version number rather than attempt to distinguish the two editions.
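The version-only check the description settles on, written out as an added example in Python (it is not the plugin's NASL code). It compares the installed RealWin build against the fixed build 6.1.12.12 named in the solution, and shows why a plain string comparison is the wrong way to do it: "6.1.9.0" sorts after "6.1.12.12" as text even though build 9 is older than build 12. The function names and the sample host builds are constructed for this illustration.

```python
# Added illustration of a numeric version-threshold check of the kind the
# plugin description calls for. Not the plugin's own code; the function names
# and the sample builds below are assumptions made for this example.

FIXED_BUILD = "6.1.12.12"  # RealWin 2.1.12 == 2.1 Build 6.1.12.12 (from the solution text)


def parse_version(ver):
    """Split a dotted build string into a tuple of ints so it compares numerically.

    Non-numeric components (e.g. 'rc1') are rejected rather than guessed at,
    because a silently wrong parse would turn a vulnerable host into a false negative.
    """
    try:
        return tuple(int(p) for p in ver.strip().split("."))
    except ValueError as exc:
        raise ValueError(f"unparseable version component in {ver!r}") from exc


def _pad(t, n):
    # Treat a missing trailing component as 0, so "6.1.12" == "6.1.12.0".
    return t + (0,) * (n - len(t))


def compare_versions(a, b):
    """Return -1, 0 or 1 as a is older than, equal to, or newer than b."""
    ta, tb = parse_version(a), parse_version(b)
    n = max(len(ta), len(tb))
    ta, tb = _pad(ta, n), _pad(tb, n)
    return (ta > tb) - (ta < tb)


def is_vulnerable(installed_build, fixed_build=FIXED_BUILD):
    """True when the installed build is strictly older than the fixed build."""
    return compare_versions(installed_build, fixed_build) < 0


def naive_is_vulnerable(installed_build, fixed_build=FIXED_BUILD):
    """The mistake to avoid: lexicographic string comparison of dotted versions."""
    return installed_build < fixed_build


# Constructed sample inputs (assumed builds, not taken from any real host).
SAMPLE_HOSTS = {
    "host-a": "6.1.9.0",     # older build: vulnerable
    "host-b": "6.1.12.12",   # the fixed build itself
    "host-c": "6.1.12.13",   # later build
    "host-d": "6.1.10",      # shorter string, still older
}


def report(hosts=SAMPLE_HOSTS):
    """Map each host to whether its build is below the fixed build."""
    return {name: is_vulnerable(build) for name, build in hosts.items()}


if __name__ == "__main__":
    for name, build in SAMPLE_HOSTS.items():
        numeric = "VULNERABLE" if is_vulnerable(build) else "ok"
        naive = "VULNERABLE" if naive_is_vulnerable(build) else "ok"
        print(f"{name}: build {build} -> numeric check: {numeric}, string compare: {naive}")
```

Running it shows host-a flagged by the numeric check but missed by the string compare, which is exactly the false negative a version plugin must not produce.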

Solution

Upgrade to RealWin version 2.1.12 (2.1 Build 6.1.12.12) or later.

See Also

http://aluigi.altervista.org/adv/realwin_2-adv.txt

http://aluigi.altervista.org/adv/realwin_3-adv.txt

http://aluigi.altervista.org/adv/realwin_4-adv.txt

http://aluigi.altervista.org/adv/realwin_5-adv.txt

http://aluigi.altervista.org/adv/realwin_6-adv.txt

http://aluigi.altervista.org/adv/realwin_7-adv.txt

http://aluigi.altervista.org/adv/realwin_8-adv.txt

http://realflex.com/news/ics-alert-11-080-04-update/

http://www.digitalbond.com/2011/04/22/friday-news-and-notes-131/

Plugin Details

Severity: Critical

ID: 53543

File Name: scada_realwin_2_1_12.nbin

Version: 1.72

Type: local

Family: SCADA

Published: 4/25/2011

Updated: 5/20/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 9.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SCADA/Apps/RealFlex/RealWin/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/20/2011

Vulnerability Publication Date: 3/21/2011

Exploitable With

CANVAS (White_Phosphorus)

Core Impact

Metasploit (DATAC RealWin SCADA Server 2 On_FC_CONNECT_FCS_a_FILE Buffer Overflow)

ExploitHub (EH-11-003)

Reference Information

CVE: CVE-2011-1563, CVE-2011-1564

BID: 46937

ICS-ALERT: 11-080-04, 11-110-01