Demo Software Patched

Friday, September 7, 2012 @ 04:09 PM gHale

RealFlex created an upgrade that solves the uncontrolled search path element vulnerability, or DLL hijack, in its RealWinDemo application.

Independent researcher Carlos Mario Penagos Hollmann, who found the vulnerability, validated the fix resolves the issue.

The RealFlex products affected are:
• RealWinDemo 2.1.12 and prior,
• RealWin 2.1.12 and prior, and
• FlexView 3.1.85 and prior.

Successful exploitation of this vulnerability may lead to arbitrary code execution.

RealWinDemo is a Microsoft Windows-based human-machine interface/supervisory control and data acquisition (HMI/SCADA) software package that primarily sees use for customer demonstration purposes. It also sees use in small automation projects using standard protocols such as Modbus.

RealWin is primarily a demo product to generate sales of the RealFlex 6 SCADA product. RealWin is in production on projects in Nigeria, USA, India, Philippines, Saudi Arabia, and Mexico.

RealWinDemo uses an uncontrolled search path to find resources, so an unauthorized user could locate and exploit one or more of the locations it searches. An unauthorized user could place a malicious DLL in a directory where it could load before the valid DLL. An attacker must have access to the host file system to exploit this vulnerability. If exploited, this vulnerability could allow execution of arbitrary code. CVE-2012-3004 is the number assigned to this vulnerability, which has a CVSS V2 base score of 6.2.

This vulnerability is not remotely exploitable and cannot be exploited without user interaction. The exploit only triggers when a local user runs the vulnerable application and it loads a malicious realwin.dll or keyhook.dll file.
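For administrators checking a host, the following added example (not code from RealFlex or the advisory) audits an ordered list of search directories for copies of the two named DLLs, or user-writable directories, that sit ahead of the install directory. The search order passed in, the function names and the sample layout are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# DLL names taken from the advisory text.
WATCHED_DLLS = ("realwin.dll", "keyhook.dll")


def audit_search_path(search_dirs, trusted_dir, dll_names=WATCHED_DLLS):
    """Report what sits ahead of trusted_dir in an ordered DLL search path.

    search_dirs is an assumption supplied by the caller (the advisory does
    not list the application's real search order). Returns a list of
    (issue, path) tuples; an empty list means nothing pre-empts trusted_dir.
    """
    trusted = Path(trusted_dir).resolve()
    findings = []
    for directory in search_dirs:
        d = Path(directory).resolve()
        if d == trusted:
            break  # the valid copy is found here; later entries cannot pre-empt it
        if not d.is_dir():
            continue
        # Compare names case-insensitively, as Windows file systems do.
        present = {p.name.lower(): p for p in d.iterdir() if p.is_file()}
        for name in dll_names:
            if name in present:
                findings.append(("shadow-copy", str(present[name])))
        if os.access(d, os.W_OK):
            findings.append(("writable-before-trusted", str(d)))
    return findings


def demo():
    """Constructed layout: a working directory searched before the install directory."""
    with tempfile.TemporaryDirectory() as root:
        workdir, install = Path(root, "project"), Path(root, "install")
        workdir.mkdir()
        install.mkdir()
        for name in WATCHED_DLLS:
            (install / name).write_bytes(b"")  # empty stand-ins for the vendor DLLs
        (workdir / "KeyHook.dll").write_bytes(b"")  # empty stand-in for an unexpected copy
        found = audit_search_path([workdir, install], install)
        return [(issue, Path(p).name) for issue, p in found]


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A `shadow-copy` finding means a watched DLL would be found before the installed one; `writable-before-trusted` marks a directory where such a copy could be placed by the current user.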

RealFlex has produced an updated version that resolves the issue. Customers may log in to download an updated version of the following products:
• RealWin 2.1.13,
• FlexView 3.1.86, and
• RealWinDemo 2.1.13.