Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-1564. PoCs published by Luigi Auriemma.
AI-analyzed exploit summary: This exploit demonstrates multiple remote stack overflow vulnerabilities in DATAC RealWin SCADA server (versions <= 2.1) via crafted packets sent to port 910. The PoC includes multiple payloads targeting different functions, each exploiting buffer overflows in username, filename, or path handling.
Description
Multiple integer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via crafted (1) On_FC_MISC_FCS_MSGBROADCAST and (2) On_FC_MISC_FCS_MSGSEND packets, which trigger a heap-based buffer overflow.
Exploits (1)
PoC by Luigi Auriemma (summarized above).