This Metasploit module exploits a vulnerability found in DATAC Control International RealWin SCADA Server 2.1 and below. By supplying a specially crafted On_FC_BINFILE_FCS_*FILE packet via port 910, RealWin will try to create a file (which would be saved to C:\Program Files\DATAC\Real Win\RW-version\filename) by first copying the user-supplied filename with a inline memcpy routine without proper bounds checking, which results a stack-based buffer overflow, allowing arbitrary remote code execution. Tested version: 2.0 (Build 6.1.8.10).
03bf98284439d992c47fe1e2bec66c01c8f4a83ae33e20afd12558dba1c061a7