EIP-2026-119084

PRE-CVE

RealWin SCADA Server - DATAC Login Buffer Overflow (Metasploit)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119084. PoCs published by Metasploit.

AI-analyzed exploit summary This is a Metasploit module exploiting a stack buffer overflow in RealWin SCADA Server via a crafted On_FC_CONNECT_FCS_LOGIN packet with an overly long username. It leverages SEH overwrite and a pop/pop/ret gadget to achieve remote code execution.

Description

RealWin SCADA Server - DATAC Login Buffer Overflow (Metasploit)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/17434

View Code ZIP pw:eip

This is a Metasploit module exploiting a stack buffer overflow in RealWin SCADA Server via a crafted On_FC_CONNECT_FCS_LOGIN packet with an overly long username. It leverages SEH overwrite and a pop/pop/ret gadget to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: DATAC Control International RealWin SCADA Server 2.1 (Build 6.0.10.10) or earlier

No auth needed

Prerequisites: Network access to the target SCADA server on port 910

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026