Summary
SG2 Client is a program that enables to create and edit applications. The program is providing two edit modes, LADDER and FBD to rapidly and directly input the required app. The Simulation Mode allows users to virtually run and test the program before it is loaded to the controller.
Description
The vulnerability is caused due to a boundary error in the processing of a Genie LAD file, which can be exploited to cause a buffer overflow when a user opens e.g. a specially crafted .GEN file. Successful exploitation could allow execution of arbitrary code on the affected machine.
(10bc.1358): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=00000000 ecx=43434343 edx=7794b4ad esi=00000000 edi=00000000
eip=43434343 esp=0018dc24 ebp=0018dc44 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210246
43434343 ?? ???
0:000> !exchain
0018dc38: ntdll!LdrRemoveLoadAsDataTable+d64 (7794b4ad)
0018e1d4: ntdll!LdrRemoveLoadAsDataTable+d64 (7794b4ad)
0018e800: MFC42!Ordinal1580+373 (708df2fc)
0018f098: 43434343
Invalid exception stack at 42424242