CVE-2011-1563

Name of the Vulnerable Software and Affected Versions DATAC RealFlex RealWin versions 2.1 (Build 6.1.10.10) and earlier

Description The issue is related to multiple stack-based buffer overflows in the HMI application. Remote attackers can execute arbitrary code via a long username in an "On FC CONNECT FCS LOGIN" packet, and crafted packets including "On FC CTAGLIST FCS CADDTAG", "On FC CTAGLIST FCS CDELTAG", "On FC CTAGLIST FCS ADDTAGMS", "On FC RFUSER FCS LOGIN", unspecified "On FC BINFILE FCS *FILE", "On FC CGETTAG FCS GETTELEMETRY", "On FC CGETTAG FCS GETCHANNELTELEMETRY", "On FC CGETTAG FCS SETTELEMETRY", "On FC CGETTAG FCS SETCHANNELTELEMETRY", and "On FC SCRIPT FCS STARTPROG" packets to port 910.

Recommendations For DATAC RealFlex RealWin versions 2.1 (Build 6.1.10.10) and earlier, consider disabling the On FC CONNECT FCS LOGIN function and restrict access to the specified packets until a patch is available. Avoid using long username values in the "On FC CONNECT FCS LOGIN" packet. Restrict access to port 910 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.