CVE-2010-4740

SCADA Engine BACnet OPC Client <1.0.25 - Buffer Overflow

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-4740. PoCs were published by Jeremy Brown and MC, including the Metasploit module exploits/windows/fileformat/bacnet_csv.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in BACnet OPC Client 1.0.24 by crafting a malicious CSV file that triggers a stack-based overflow, leading to arbitrary code execution via a JMP ESP technique.

Description

Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC Client before 1.0.25 allows user-assisted remote attackers to execute arbitrary code via a crafted .csv file, related to a status log message.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Jeremy Brown · python · local · windows
https://www.exploit-db.com/exploits/15026

This exploit targets a buffer overflow vulnerability in BACnet OPC Client 1.0.24 by crafting a malicious CSV file that triggers a stack-based overflow, leading to arbitrary code execution via a JMP ESP technique.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BACnet OPC Client 1.0.24
No auth needed
Prerequisites: Victim must open the malicious CSV file in the vulnerable BACnet OPC Client
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GOOD
by Jeremy Brown, MC · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/bacnet_csv.rb

This Metasploit module exploits a stack buffer overflow in SCADA Engine BACnet OPC Client v1.0.24 by crafting a malicious CSV file that triggers arbitrary code execution when parsed.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SCADA Engine BACnet OPC Client v1.0.24
No auth needed
Prerequisites: Victim must open the malicious CSV file in the vulnerable BACnet OPC Client
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
US Government Resource x_refsource_misc
http://www.us-cert.gov/control_systems/pdf/ICSA-10-264-01.pdf
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8083
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41466
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/43289
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/660688

Scores

EPSS 0.4162
EPSS Percentile 98.5%

Details

CWE: CWE-119
Status: published
Products (1)
scadaengine/bacnet_opc_client < 1.0.24
Published Feb 16, 2011
Tracked Since Feb 18, 2026