Vulnerability & Exploit Database

DATAC RealWin SCADA Server 2 On_FC_CONNECT_FCS_a_FILE Buffer Overflow

This module exploits a vulnerability found in DATAC Control International RealWin SCADA Server 2.1 and below. When it receives a specially crafted On_FC_BINFILE_FCS_*FILE packet on port 910, RealWin tries to create a file (which would be saved to C:\Program Files\DATAC\Real Win\RW-version\filename). It first copies the user-supplied filename with an inline memcpy routine without proper bounds checking, which results in a stack-based buffer overflow and allows arbitrary remote code execution. Tested version: 2.0 (Build 6.1.8.10).

Module Name

exploit/windows/scada/realwin_on_fc_binfile_a

Authors

  • Luigi Auriemma
  • MC <mc [at] metasploit.com>

Targets

  • Universal

Platforms

  • windows

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

    msf > use exploit/windows/scada/realwin_on_fc_binfile_a
    msf exploit(realwin_on_fc_binfile_a) > show targets
        ...targets...
    msf exploit(realwin_on_fc_binfile_a) > set TARGET <target-id>
    msf exploit(realwin_on_fc_binfile_a) > show options
        ...show and set options...
    msf exploit(realwin_on_fc_binfile_a) > exploit
