header-logo
Suggest Exploit
vendor:
SG2 Client
by:
Gjoko 'LiquidWorm' Krstic
7,8
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: SG2 Client
Affected Version From: 3.40
Affected Version To: 3.51
Patch Exists: YES
Related CWE: N/A
CPE: a:teco_electric_and_machinery_co.ltd:sg2_client
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows 7 Professional SP1 (EN) 64bit, Microsoft Windows 7 Ultimate SP1 (EN) 64bit
2016

TECO SG2 FBD Client 3.51 SEH Overwrite Buffer Overflow Vulnerability

The vulnerability is caused due to a boundary error in the processing of a Genie FBD, which can be exploited to cause a buffer overflow when a user opens e.g. a specially crafted .GFB file. Successful exploitation could allow execution of arbitrary code on the affected machine.

Mitigation:

Update to the latest version of the software.
Source

Exploit-DB raw data:

# TECO SG2 FBD Client 3.51 SEH Overwrite Buffer Overflow Vulnerability
#
#
# Vendor: TECO Electric and Machinery Co., Ltd.
# Product web page: http://www.teco-group.eu
# Download: http://globalsa.teco.com.tw/support_download.aspx?KindID=9
# Affected version: 3.51 and 3.40
#
# Summary: SG2 Client is a program that enables to create and edit applications.
# The program is providing two edit modes, LADDER and FBD to rapidly and directly
# input the required app. The Simulation Mode allows users to virtually run and test
# the program before it is loaded to the controller.
#
# Desc: The vulnerability is caused due to a boundary error in the processing
# of a Genie FBD, which can be exploited to cause a buffer overflow when a
# user opens e.g. a specially crafted .GFB file. Successful exploitation could
# allow execution of arbitrary code on the affected machine.
#
# ---------------------------------------------------------------------------------
# (fb0.fd0): Access violation - code c0000005 (!!! second chance !!!)
# *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\windows\SysWOW64\ntdll.dll - 
# *** WARNING: Unable to verify checksum for C:\Program Files (x86)\TECO\SG2 Client\FBD.EXE
# *** ERROR: Module load completed but symbols could not be loaded for C:\Program Files (x86)\TECO\SG2 Client\FBD.EXE
# eax=4141413f ebx=00000004 ecx=41414141 edx=41414141 esi=0018f578 edi=00a642e8
# eip=00440b57 esp=0018ef9c ebp=0000003f iopl=0         nv up ei pl nz na po nc
# cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
# FBD+0x40b57:
# 00440b57 8995a0000000    mov     dword ptr [ebp+0A0h],edx ss:002b:000000df=????????
# ---------------------------------------------------------------------------------
#
# Tested on: Microsoft Windows 7 Professional SP1 (EN) 64bit
#            Microsoft Windows 7 Ultimate SP1 (EN) 64bit
#
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
#                             @zeroscience
#
#
# Advisory ID: ZSL-2015-5276
# Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5276.php
#
#
# 09.10.2015
#


PoC:

- http://zeroscience.mk/codes/sg2fbd-5276.zip
- https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/38701.zip

Navigation

Suggest Exploit

Services By CQR