ID

VAR-200809-0422


CVE

CVE-2008-4322


TITLE

RealFlex RealWin buffer overflow

Trust: 0.8

sources: CERT/CC: VU#976484

DESCRIPTION

Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin Server 2.0, as distributed by DATAC, allows remote attackers to execute arbitrary code via a crafted FC_INFOTAG/SET_CONTROL packet. RealFlex RealWin demo version contains a vulnerability in the way "FC_INFOTAG/SET_CONTROL" packets are processed.

DATAC RealWin is SCADA server software with Human Machine Interface components that runs on Microsoft Windows 2000/XP. RealWin contains a buffer overflow vulnerability due to improper handling of crafted FC_INFOTAG/SET_CONTROL packets. A remote third party may be able to execute arbitrary code or cause a denial of service (DoS).

DATAC RealWin SCADA server is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. This may facilitate the complete compromise of affected computers. Failed exploit attempts may result in a denial-of-service condition. RealWin SCADA server 2.0 is affected; other versions may also be vulnerable.

----------------------------------------------------------------------

TITLE: RealWin INFOTAG/SET_CONTROL Packet Processing Buffer Overflow
SECUNIA ADVISORY ID: SA32055
VERIFY ADVISORY: http://secunia.com/advisories/32055/
CRITICAL: Moderately critical
IMPACT: DoS, System access
WHERE: From remote
SOFTWARE: RealWin 2.x http://secunia.com/advisories/product/19990/
DESCRIPTION: Ruben Santamarta has discovered a vulnerability in RealWin, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the processing of TCP packets received on port 910 by default.
SOLUTION: Restrict network access to trusted users only.
PROVIDED AND/OR DISCOVERED BY: Ruben Santamarta, Reversemode
ORIGINAL ADVISORY: http://reversemode.com/index.php?option=com_content&task=view&id=55&Itemid=1

Trust: 2.7

sources: NVD: CVE-2008-4322 // CERT/CC: VU#976484 // JVNDB: JVNDB-2008-002140 // BID: 31418 // PACKETSTORM: 70444

AFFECTED PRODUCTS

vendor: dataconline, model: -, scope: -, version: -

Trust: 1.6

vendor: realflex, model: realwin server, scope: eq, version: 2.0

Trust: 1.6

vendor: realflex, model: -, scope: -, version: -

Trust: 0.8

vendor: datac online, model: realwin, scope: eq, version: 2.x

Trust: 0.8

vendor: datac, model: control international realwin scada server, scope: eq, version: 2.0

Trust: 0.3

sources: CERT/CC: VU#976484 // BID: 31418 // JVNDB: JVNDB-2008-002140 // CNNVD: CNNVD-200809-411 // NVD: CVE-2008-4322

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-4322
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#976484
value: 2.48

Trust: 0.8

NVD: CVE-2008-4322
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200809-411
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2008-4322
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: CERT/CC: VU#976484 // JVNDB: JVNDB-2008-002140 // CNNVD: CNNVD-200809-411 // NVD: CVE-2008-4322

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2008-002140 // NVD: CVE-2008-4322

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200809-411

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200809-411

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-002140

PATCH

title: Contact Us, url: http://www.dataconline.com/profile/contact.php

Trust: 0.8

sources: JVNDB: JVNDB-2008-002140

EXTERNAL IDS

db: CERT/CC, id: VU#976484

Trust: 3.5

db: NVD, id: CVE-2008-4322

Trust: 2.7

db: BID, id: 31418

Trust: 2.7

db: SECUNIA, id: 32055

Trust: 2.5

db: VUPEN, id: ADV-2008-2694

Trust: 2.4

db: XF, id: 45465

Trust: 1.4

db: JVNDB, id: JVNDB-2008-002140

Trust: 0.8

db: BUGTRAQ, id: 20080926 DATAC REALWIN 2.0 SCADA SOFTWARE - REMOTE PREAAUTH EXPLOIT

Trust: 0.6

db: CNNVD, id: CNNVD-200809-411

Trust: 0.6

db: PACKETSTORM, id: 70444

Trust: 0.1

sources: CERT/CC: VU#976484 // BID: 31418 // JVNDB: JVNDB-2008-002140 // PACKETSTORM: 70444 // CNNVD: CNNVD-200809-411 // NVD: CVE-2008-4322

REFERENCES

url:http://www.kb.cert.org/vuls/id/976484

Trust: 2.7

url:http://reversemode.com/index.php?option=com_content&task=view&id=55&itemid=1

Trust: 2.5

url:http://www.securityfocus.com/bid/31418

Trust: 2.4

url:http://www.vupen.com/english/advisories/2008/2694

Trust: 1.8

url:http://secunia.com/advisories/32055

Trust: 1.6

url:http://xforce.iss.net/xforce/xfdb/45465

Trust: 1.4

url:http://www.dataconline.com/software/realwin.php

Trust: 1.1

url:http://www.securityfocus.com/archive/1/496759/100/0/threaded

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/45465

Trust: 1.0

url:http://secunia.com/advisories/32055/

Trust: 0.9

url:http://www.realflex.com/products/realwin/realwin.php

Trust: 0.8

url:http://www.dataconline.com/profile/profile.php

Trust: 0.8

url:http://www.realflex.com/profile/history.php

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4322

Trust: 0.8

url:http://jvn.jpcert.or.jp/cert/jvnvu976484/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4322

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/496759/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2008/2694

Trust: 0.6

url:/archive/1/496759

Trust: 0.3

url:http://secunia.com/binary_analysis/sample_analysis/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/product/19990/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CERT/CC: VU#976484 // BID: 31418 // JVNDB: JVNDB-2008-002140 // PACKETSTORM: 70444 // CNNVD: CNNVD-200809-411 // NVD: CVE-2008-4322

CREDITS

Ruben Santamarta, ruben@reversemode.com

Trust: 0.6

sources: CNNVD: CNNVD-200809-411

SOURCES

db: CERT/CC, id: VU#976484
db: BID, id: 31418
db: JVNDB, id: JVNDB-2008-002140
db: PACKETSTORM, id: 70444
db: CNNVD, id: CNNVD-200809-411
db: NVD, id: CVE-2008-4322

LAST UPDATE DATE

2025-04-10T23:11:24.004000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#976484, date: 2009-01-13T00:00:00
db: BID, id: 31418, date: 2015-05-07T17:23:00
db: JVNDB, id: JVNDB-2008-002140, date: 2008-12-25T00:00:00
db: CNNVD, id: CNNVD-200809-411, date: 2008-12-10T00:00:00
db: NVD, id: CVE-2008-4322, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: CERT/CC, id: VU#976484, date: 2008-12-02T00:00:00
db: BID, id: 31418, date: 2008-09-26T00:00:00
db: JVNDB, id: JVNDB-2008-002140, date: 2008-12-25T00:00:00
db: PACKETSTORM, id: 70444, date: 2008-09-29T18:49:11
db: CNNVD, id: CNNVD-200809-411, date: 2008-09-29T00:00:00
db: NVD, id: CVE-2008-4322, date: 2008-09-29T19:25:59.353