Hi,

http://www.dataconline.com/software/realwin.php
"RealWin is a SCADA server product which includes a FlexView HMI and
runs on current Microsoft Windows platforms (2000 and XP). It can
operate on a single PC or multiple PCs connected through a TCP/IP
network. It reads and maintains data returned from field devices using
drivers, stores data for historical access, runs Command Sequence
Language (CSL) scripts and generates alarms as defined in the system."

The version available for download
(http://www.realflex.com/download/form.php) is likely an old one so
newer versions may, or may not, be vulnerable. Note that the server is
affected by other flaws, but this one is pretty clear and 100% reliable.
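
.text:0042BFFE    call    sub_419690                ; Get Packet.PayloadLen
.text:0042C003    movzx   ecx, ax                   ; ecx = 16-bit length, zero-extended
.text:0042C006    mov     edx, ecx                  ; keep a copy of the length
.text:0042C008    shr     ecx, 2                    ; dword count = length / 4
.text:0042C00B    mov     esi, ebx                  ; copy source
.text:0042C00D    lea     edi, [esp+638h+var_2E0]   ; copy destination: local stack buffer
.text:0042C014    rep movsd                         ; copy ecx dwords
.text:0042C016    mov     ecx, edx
.text:0042C018    and     ecx, 3                    ; remaining length % 4 bytes
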
That's all, just for fun.
Regards,
Rubén.
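
Added example, not part of the original post and not RealWin code: the excerpt above copies a packet-supplied 16-bit length into a local stack buffer with no length check between the call and the rep movsd, and this C code shows the validation a handler of that shape needs before the copy. The buffer size, the packet layout and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed values: the post does not give the buffer size or packet layout. */
#define FRAME_BUF_SIZE 512  /* stand-in for the local buffer at var_2E0 */
#define HDR_LEN 2           /* constructed layout: 2-byte LE length, then payload */

enum { COPY_OK = 0, ERR_SHORT_PACKET = -1, ERR_TOO_LONG = -2 };

/* Hypothetical stand-in for sub_419690: returns the 16-bit payload length. */
static uint16_t get_payload_len(const uint8_t *pkt) {
    return (uint16_t)(pkt[0] | (pkt[1] << 8));
}

/* Copy the payload only after checking the sender-supplied length against
 * both the bytes actually received and the destination capacity. */
int copy_payload_checked(const uint8_t *pkt, size_t pkt_len,
                         uint8_t *dst, size_t dst_cap, size_t *out_len) {
    if (!pkt || !dst || !out_len || pkt_len < HDR_LEN) return ERR_SHORT_PACKET;
    size_t claimed = get_payload_len(pkt);
    if (claimed > pkt_len - HDR_LEN) return ERR_SHORT_PACKET; /* source over-read */
    if (claimed > dst_cap) return ERR_TOO_LONG;               /* stack overflow */
    memcpy(dst, pkt + HDR_LEN, claimed);
    *out_len = claimed;
    return COPY_OK;
}

/* Handler with a fixed-size local buffer, like the frame in the listing.
 * Returns the number of payload bytes accepted, or a negative error. */
int handle_packet(const uint8_t *pkt, size_t pkt_len) {
    uint8_t frame_buf[FRAME_BUF_SIZE];
    size_t n = 0;
    int rc = copy_payload_checked(pkt, pkt_len, frame_buf, sizeof frame_buf, &n);
    return rc == COPY_OK ? (int)n : rc;
}

int main(void) {
    /* Constructed sample packets, not captured traffic. */
    uint8_t ok[HDR_LEN + 4] = {4, 0, 'd', 'a', 't', 'a'};
    uint8_t big[HDR_LEN + 600] = {0x58, 0x02};  /* claims 600 bytes */
    printf("ok=%d big=%d\n", handle_packet(ok, sizeof ok), handle_packet(big, sizeof big));
    return 0;
}
```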