CVE-2011-1564

Name of the Vulnerable Software and Affected Versions DATAC RealFlex RealWin versions 2.1 (Build 6.1.10.10) and earlier

Description The issue is related to multiple integer overflows in the HMI application. Remote attackers can execute arbitrary code via crafted packets, specifically (1) On FC MISC FCS MSGBROADCAST and (2) On FC MISC FCS MSGSEND packets, which trigger a heap-based buffer overflow.

Recommendations For DATAC RealFlex RealWin versions 2.1 (Build 6.1.10.10) and earlier, consider restricting access to the HMI application until a patch is available. As a temporary workaround, avoid using the On FC MISC FCS MSGBROADCAST and On FC MISC FCS MSGSEND packets in the affected application. At the moment, there is no information about a newer version that contains a fix for this issue.