Lucene search

[email protected]CVE-2011-1564

HistoryApr 05, 2011 - 3:19 p.m.

CVE-2011-1564

2011-04-0515:19:35

CWE-189

[email protected]

web.nvd.nist.gov

cve-2011-1564

integer overflows

datac realflex realwin

remote code execution

buffer overflow

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

High

0.13 Low

EPSS

Percentile

95.5%

JSON

Multiple integer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via crafted (1) On_FC_MISC_FCS_MSGBROADCAST and (2) On_FC_MISC_FCS_MSGSEND packets, which trigger a heap-based buffer overflow.

Affected configurations

NVD

Node

realflexrealwinRange≤2.1

realflexrealwinMatch1.06

realflexrealwinMatch2.0

CPENameOperatorVersion
realflex:realwinrealflex realwinle2.1
realflex:realwinrealflex realwineq1.06
realflex:realwinrealflex realwineq2.0

CPE	Name	Operator	Version
realflex:realwin	realflex realwin	le	2.1
realflex:realwin	realflex realwin	eq	1.06
realflex:realwin	realflex realwin	eq	2.0

References

aluigi.org/adv/realwin_6-adv.txt

secunia.com/advisories/43848

securityreason.com/securityalert/8177

www.exploit-db.com/exploits/17025

www.securityfocus.com/bid/46937

www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-04.pdf

www.vupen.com/english/advisories/2011/0742

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

High

0.13 Low

EPSS

Percentile

95.5%

JSON

Related for CVE-2011-1564

nvd1 cvelist1 prion1 openvas1