
Art Systems FluidDraw P5/S5 5.3n Binary Planting Arbitrary Code Execution

High
Advisory ID: ZSL-2016-5295
Release Date: 17 January 2016
Vendor: Art Systems Software GmbH - http://www.art-systems.com, Festo AG & Co. KG - https://www.festo.com
Affected Version: FluidDraw S5 Starter 5.3n (5.3.385.0), FluidDraw P5 Professional 5.3n (5.3.385.0)
CVE: N/A
Tested On: Microsoft Windows 7 Ultimate SP1 (EN), Microsoft Windows 7 Professional SP1 (EN)
Summary

FluidDraw enables the creation of electrical and pneumatic circuit diagrams. The tool makes it easier to plan complete systems and implement individual components. Users access the Festo catalogue and their own imported databases and can thus benefit from evaluation functions and created assembly drawings. The software is part of Festo Engineering Tools, which provides users with electronic and continuous support in the entire process, from planning, selection, design and ordering up to delivery and commissioning.

Description

FluidDraw suffers from a DLL hijacking issue. The vulnerability is caused by the application loading a library (siappdll.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application file (.PRJ, .CIRC, .CT, .DXF, .SYM) located on a remote WebDAV or SMB share.

Proof of Concept
Disclosure Timeline
01.12.2015 - Vulnerability discovered.
05.12.2015 - Vendor contacted.
16.01.2016 - No response from the vendor.
17.01.2016 - Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
17.01.2016 - Initial release
18.01.2016 - Added reference [1]
19.01.2016 - Added reference [2]
21.01.2016 - Added reference [3]