=====================================================================
                            CERT-Renater

                 Information Note No. 2008/VULN401
_____________________________________________________________________

DATE                  : 02/10/2008

HARDWARE PLATFORM(S)  : /

OPERATING SYSTEM(S)   : Systems running RealWin SCADA server.

======================================================================
http://xforce.iss.net/xforce/xfdb/45465
______________________________________________________________________

RealWin SCADA server FC_INFOTAG/SET_CONTROL buffer overflow
realwin-scada-fcinfotagsetcontrol-bo (45465)

The risk level is classified as High Risk

Description:

RealWin SCADA server is vulnerable to a stack-based buffer overflow.
By sending an overly large FC_INFOTAG/SET_CONTROL packet to TCP port
910, a remote attacker could overflow a buffer and execute arbitrary
code on the system or cause the server to crash.

Platforms Affected:

  * DATAC Control International, RealWin SCADA Server 2.0

Remedy:

No remedy available as of October 1, 2008.

Consequences:

Gain Access

References:

  * RealFlex Web site, RealWin SCADA System at
    http://www.realflex.com/products/realwin/realwin.php.
  * Reversemode Advisory, Friday, 26 September 2008, Exploit for DATAC
    RealWin 2.0 SCADA Software at
    http://reversemode.com/index.php?option=com_content&task=view&id=55&Itemid=1.
  * BID-31418: DATAC RealWin SCADA Server Remote Stack Buffer Overflow
    Vulnerability
  * CVE-2008-4322: Stack-based buffer overflow in RealFlex Technologies
    Ltd. RealWin Server 2.0, as distributed by DATAC, allows remote
    attackers to execute arbitrary code via a crafted
    FC_INFOTAG/SET_CONTROL packet.
  * SA32055: RealWin INFOTAG/SET_CONTROL Packet Processing Buffer
    Overflow

Reported:

Sep 29, 2008

The information within this database may change without notice. Use of
this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this
information or its use. Any use of this information is at the user's
risk. In no event shall the author/distributor (Internet Security
Systems X-Force) be held liable for any damages whatsoever arising out
of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights
reserved worldwide.

For corrections or additions please email xforce@iss.net

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel  : 01-53-94-20-44         +
+ 151 bd de l'Hopital   | fax  : 01-53-94-20-41         +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================