CVE-2010-4142

DATAC RealWin <= 2.0 Build 6.1.8.10 - Stack-Based Buffer Overflow via Long SCPC Packet

Title source: llm

Exploitation Summary

EIP tracks 8 public exploits for CVE-2010-4142. PoCs were published by Metasploit, blake, and Luigi Auriemma, including the Metasploit module exploits/windows/scada/realwin_scpc_txtevent.

AI-analyzed exploit summary: This Metasploit module exploits a stack buffer overflow in DATAC RealWin SCADA Server via a crafted packet sent to port 912. It leverages SEH overwrite and a hardcoded return address to achieve remote code execution.

Description

Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_TXTEVENT packet. NOTE: it was later reported that 1.06 is also affected by one of these requests.

Exploits (8)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16383

This Metasploit module exploits a stack buffer overflow in DATAC RealWin SCADA Server via a crafted packet sent to port 912. It leverages SEH overwrite and a hardcoded return address to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: DATAC Control International RealWin SCADA Server 2.0 (Build 6.1.8.10)
No auth needed
Prerequisites: Network access to TCP port 912 · Target running vulnerable RealWin SCADA Server
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16382

This exploit targets a stack buffer overflow in DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) via a crafted packet sent to port 912. It leverages SEH overwrite to achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10)
No auth needed
Prerequisites: Network access to target port 912
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16384

This exploit targets a stack buffer overflow in DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) via a crafted packet sent to port 912. It leverages a pivot and return address to execute arbitrary payloads, achieving remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10)
No auth needed
Prerequisites: Network access to target port 912 · Vulnerable version of DATAC RealWin SCADA Server
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by blake · python · remote · windows
https://www.exploit-db.com/exploits/15337

This exploit targets a buffer overflow vulnerability in RealWin SCADA System 1.06 by overwriting the SEH (Structured Exception Handler) and executing a shell_bind_tcp payload. It sends a crafted payload to trigger the overflow and achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: RealWin SCADA System 1.06
No auth needed
Prerequisites: Network access to the target system · RealWin SCADA System 1.06 running on the target
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by Luigi Auriemma · text · dos · windows
https://www.exploit-db.com/exploits/15259

The exploit demonstrates a stack-based buffer overflow in DATAC RealWin SCADA server via two vulnerable functions (SCPC_INITIALIZE and SCPC_TXTEVENT) on port 912. The PoC uses crafted input to trigger overflows via sprintf and strcpy, leading to potential remote code execution.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: DATAC RealWin <= 2.0 (Build 6.1.8.10)
No auth needed
Prerequisites: Network access to port 912 · Vulnerable RealWin server
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · GREAT
by Luigi Auriemma, MC · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/realwin_scpc_txtevent.rb

This Metasploit module exploits a stack buffer overflow in DATAC RealWin SCADA Server by sending a crafted packet to trigger arbitrary code execution. It uses a pivot and return address to redirect execution flow to the payload.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: DATAC Control International RealWin SCADA Server 2.0 (Build 6.1.8.10)
No auth needed
Prerequisites: Network access to the target on port 912
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · GREAT
by Luigi Auriemma, MC · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/realwin_scpc_initialize.rb

This Metasploit module exploits a stack buffer overflow in DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) via a crafted SCPC_INITIALIZE packet. It leverages SEH overwrite to achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10)
No auth needed
Prerequisites: Network access to TCP port 912 · Target running vulnerable DATAC RealWin SCADA Server
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · GREAT
by Luigi Auriemma, MC · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/realwin_scpc_initialize_rf.rb

This Metasploit module exploits a stack buffer overflow in DATAC RealWin SCADA Server by sending a crafted packet to trigger arbitrary code execution via SEH overwrite. It targets a specific DLL version and includes payload handling for Windows systems.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: DATAC Control International RealWin SCADA Server 2.0 (Build 6.1.8.10)
No auth needed
Prerequisites: Network access to TCP port 912 · Vulnerable version of RealWin SCADA Server
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit (exploit, x_refsource_exploit-db): http://www.exploit-db.com/exploits/15259
Exploit (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/44150
Exploit (x_refsource_misc): http://aluigi.org/adv/realwin_1-adv.txt
Exploit (exploit, x_refsource_exploit-db): http://www.exploit-db.com/exploits/15337
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/41849

Scores

EPSS: 0.6357
EPSS Percentile: 99.1%

Details

CWE: CWE-119
Status: published
Products (2): realflex/realwin 1.06 · realflex/realwin 2.0
Published: Nov 02, 2010
Tracked Since: Feb 18, 2026