Lucene search

SAINT CorporationSAINT:EDFFF7CE006D84E1F3BC3D03475ED78E

HistoryOct 03, 2008 - 12:00 a.m.

DATAC RealWin SCADA Server FC_INFOTAG/SET_CONTROL buffer overflow

2008-10-0300:00:00

SAINT Corporation

download.saintcorporation.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.303 Low

EPSS

Percentile

97.0%

JSON

Added: 10/03/2008
CVE: CVE-2008-4322
BID: 31418
OSVDB: 48606

Background

RealWin is a Supervisory Control and Data Acquisition (SCADA) server which is distributed by DATAC.

Problem

A buffer overflow vulnerability in RealWin Server allows remote attackers to execute arbitrary commands by sending a long, specially crafted FC_INFOTAG/SET_CONTROL packet.

Resolution

Block access to port 910/TCP.

References

<http://archives.neohapsis.com/archives/bugtraq/2008-09/0297.html>

Limitations

Exploit works on DATAC Control RealWin SCADA System 2.0.

Platforms

Windows 2000
Windows Server 2003

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.303 Low

EPSS

Percentile

97.0%

JSON

Related for SAINT:EDFFF7CE006D84E1F3BC3D03475ED78E