CVE-2011-1564

Current Description

Multiple integer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via crafted (1) On_FC_MISC_FCS_MSGBROADCAST and (2) On_FC_MISC_FCS_MSGSEND packets, which trigger a heap-based buffer overflow.

Basic Data

PublishedApril 05, 2011
Last ModifiedSeptember 22, 2011
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-189
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score10.0
SeverityHIGH
Exploitability Score10.0
Impact Score10.0
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationRealflexRealwin1.06*******
    2.3ApplicationRealflexRealwin2.0*******
    2.3ApplicationRealflexRealwin********2.1

Vulnerable Software List

VendorProductVersions
Realflex Realwin *, 1.06, 2.0

References

NameSourceURLTags
http://aluigi.org/adv/realwin_6-adv.txthttp://aluigi.org/adv/realwin_6-adv.txtMISCExploit
43848http://secunia.com/advisories/43848SECUNIAVendor Advisory
8177http://securityreason.com/securityalert/8177SREASON
17025http://www.exploit-db.com/exploits/17025EXPLOIT-DBExploit
46937http://www.securityfocus.com/bid/46937BIDExploit
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-04.pdfhttp://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-04.pdfMISCUS Government Resource
ADV-2011-0742http://www.vupen.com/english/advisories/2011/0742VUPENVendor Advisory