The DATAC RealWin SCADA server package for medium/small applications contains two stack-based buffer overflow vulnerabilities. The first occurs in the SCPC_INITIALIZE and SCPC_INITIALIZE_RF functions, where the overflow is caused by the use of sprintf(). The second occurs in the SCPC_TXTEVENT function, where the overflow is caused by the use of strcpy() with data supplied by the attacker.
The part of the server listening on port 910 is vulnerable to a buffer overflow in the function 004be510, which splits the input strings using delimiters passed in by its callers and copies the pieces into a stack buffer of 1024 bytes. One of the ways to exploit the vulnerability in that function is through an On_FC_CONNECT_FCS_LOGIN packet containing a long username.
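The fix pattern for a split-and-copy routine like the one described above, as an added example that is not RealWin code: the field copy checks the destination size and rejects over-long fields, and the formatted output uses snprintf() with a truncation check in place of sprintf()/strcpy(). The names `next_field` and `handle_login`, the comma delimiter and the "user,password" layout are assumptions for illustration; only the 1024-byte buffer size comes from the text.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 1024  /* stack buffer size given in the advisory text */

/* Hypothetical helper: copy the next delimiter-terminated field of `in`
 * into `out`. Returns the number of input bytes consumed (field plus one
 * delimiter, if present), or -1 if the field does not fit in out_sz bytes
 * including the terminating NUL. Over-long fields are rejected rather
 * than truncated, so the caller never acts on a partial value. */
static long next_field(const char *in, size_t in_len, const char *delims,
                       char *out, size_t out_sz)
{
    size_t n = 0;
    if (out_sz == 0) return -1;
    while (n < in_len && in[n] != '\0' && strchr(delims, in[n]) == NULL) {
        if (n + 1 >= out_sz)          /* no room for this byte plus NUL */
            return -1;
        out[n] = in[n];
        n++;
    }
    out[n] = '\0';
    return (long)((n < in_len && in[n] != '\0') ? n + 1 : n);
}

/* Constructed stand-in for a login handler: takes the username from a
 * "user,password" payload and formats a log line with bounds checks. */
static int handle_login(const char *pkt, size_t pkt_len,
                        char *log, size_t log_sz)
{
    char user[FIELD_MAX];
    long used = next_field(pkt, pkt_len, ",", user, sizeof user);
    if (used < 0) return -1;          /* username too long: drop packet */
    int w = snprintf(log, log_sz, "login attempt: user=%s", user);
    if (w < 0 || (size_t)w >= log_sz) return -2;   /* would truncate */
    return 0;
}

int main(void)
{
    char log[128], big[2000];
    memset(big, 'A', sizeof big);     /* constructed over-long username */
    printf("short: %d\n", handle_login("operator,secret", 15, log, sizeof log));
    printf("long:  %d\n", handle_login(big, sizeof big, log, sizeof log));
    return 0;
}
```

Rejecting at the parser means the length limit is enforced once, regardless of which packet handler supplies the delimiters.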