← Advisories

TECO TP3-PCLINK 2.1 TPC File Handling Buffer Overflow Vulnerability

High
Advisory ID
ZSL-2015-5277
Release Date
15 November 2015
Vendor
TECO Electric and Machinery Co., Ltd. - http://www.teco-group.eu
Affected Version
2.1
CVE
N/A
Tested On
Microsoft Windows 7 Professional SP1 (EN) 64bit, Microsoft Windows 7 Ultimate SP1 (EN) 64bit
Summary

TP3-PCLINK Software is the supportive software for TP03, providing three edit modes as LADDER, IL ,FBDand SFC, by which programs can be input rapidly and correctly.

Description

The vulnerability is caused due to a boundary error in the processing of a project file, which can be exploited to cause a buffer overflow when a user opens e.g. a specially crafted .TPC file. Successful exploitation could allow execution of arbitrary code on the affected machine.

(794.193c): C++ EH exception - code e06d7363 (first chance) Critical error detected c0000374 (794.193c): Break instruction exception - code 80000003 (first chance) eax=00000000 ebx=00000000 ecx=778f0b42 edx=0018db71 esi=02730000 edi=41414141 eip=7794e725 esp=0018ddc4 ebp=0018de3c iopl=0 nv up ei pl nz na po nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00200202 ntdll!RtlpNtEnumerateSubKey+0x1af8: 7794e725 cc int 3
Proof of Concept
tp3tpc.txtTXT
tp3tpc-5277.zipZIP
Disclosure Timeline
09.10.2015Vulnerability discovered.
15.10.2015Contact with the vendor.
14.11.2015No response from the vendor.
15.11.2015Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://www.exploit-db.com/exploits/38702/
[2]https://cxsecurity.com/issue/WLB-2015110112
[3]https://packetstormsecurity.com/files/134385
[4]https://exchange.xforce.ibmcloud.com/vulnerabilities/108083
Changelog
15.11.2015Initial release
17.11.2015Added reference [1], [2] and [3]
18.11.2015Added reference [4]