Crouzet em4 soft 1.1.04 Integer Division By Zero
Vendor: Crouzet Automatismes SAS
Product web page: http://www.crouzet-automation.com
Affected version: 1.1.04 and 1.1.03.01
Summary: em4 is more than just a nano-PLC. It is a leading
edge device supported by best-in-class tools that enables
you to create and implement the smartest automation applications.
Desc: em4 soft suffers from an integer division-by-zero flaw when
handling Crouzet Logic Software Document '.pm4' files, resulting in
denial of service and possibly loss of data.
---------------------------------------------------------------------
(187c.1534): Integer divide-by-zero - code c0000094 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** WARNING: Unable to verify checksum for image013b0000
*** ERROR: Module load completed but symbols could not be loaded for image013b0000
eax=00000000 ebx=00000000 ecx=55c37c10 edx=00000000 esi=0105b13c edi=0110bb18
eip=013ea575 esp=0064d8b8 ebp=0064d8f4 iopl=0 nv up ei pl nz na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210206
image013b0000+0x3a575:
013ea575 f7bf18010000 idiv eax,dword ptr [edi+118h] ds:002b:0110bc30=00000000
0:000> u
image013b0000+0x3a575:
013ea575 f7bf18010000 idiv eax,dword ptr [edi+118h]
013ea57b 8d4de0 lea ecx,[ebp-20h]
013ea57e c745fc00000000 mov dword ptr [ebp-4],0
013ea585 50 push eax
013ea586 6808505b01 push offset image013b0000+0x205008 (015b5008)
013ea58b 51 push ecx
013ea58c ff15b0575a01 call dword ptr [image013b0000+0x1f57b0 (015a57b0)]
013ea592 8b870c010000 mov eax,dword ptr [edi+10Ch]
---------------------------------------------------------------------
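The faulting instruction above is a signed idiv whose divisor, read from [edi+118h], is 0. The C code below is an added example, not code from em4 soft or from the advisory: it assumes the divisor originates from the opened document, and the 8-byte record layout and every name in it are hypothetical. It shows the validation a file parser needs before dividing by such a value, covering the other input that makes idiv fault as well (INT32_MIN / -1).

```c
#include <stddef.h>
#include <stdint.h>

typedef enum { DIV_OK = 0, DIV_ZERO, DIV_OVERFLOW, DIV_TRUNCATED } div_status_t;

/* Read a little-endian int32 from an untrusted buffer, with bounds checking. */
static int read_i32le(const uint8_t *buf, size_t len, size_t off, int32_t *out)
{
    if (off > len || len - off < 4)
        return -1;
    uint32_t v = (uint32_t)buf[off] | ((uint32_t)buf[off + 1] << 8) |
                 ((uint32_t)buf[off + 2] << 16) | ((uint32_t)buf[off + 3] << 24);
    *out = (int32_t)v;
    return 0;
}

/* Divide only after rejecting the two inputs on which x86 idiv raises a fault. */
div_status_t checked_div(int32_t num, int32_t den, int32_t *quot)
{
    if (den == 0)
        return DIV_ZERO;                 /* the case seen in the crash dump */
    if (num == INT32_MIN && den == -1)
        return DIV_OVERFLOW;             /* quotient does not fit in 32 bits */
    *quot = num / den;
    return DIV_OK;
}

/* Hypothetical record: bytes 0-3 = dividend, bytes 4-7 = divisor.
 * The real .pm4 layout is not described in the advisory. */
div_status_t parse_and_divide(const uint8_t *buf, size_t len, int32_t *quot)
{
    int32_t total, divisor;
    if (read_i32le(buf, len, 0, &total) || read_i32le(buf, len, 4, &divisor))
        return DIV_TRUNCATED;
    return checked_div(total, divisor, quot);
}

int main(void)
{
    /* Constructed sample record: dividend 100, divisor 0. */
    const uint8_t rec[8] = { 100, 0, 0, 0, 0, 0, 0, 0 };
    int32_t q = 0;
    /* A parser would reject the document here instead of crashing. */
    return parse_and_divide(rec, sizeof rec, &q) == DIV_ZERO ? 0 : 1;
}
```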
Tested on: Microsoft Windows 7 Professional SP1 (EN)
Microsoft Windows 7 Ultimate SP1 (EN)
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2016-5309
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5309.php
25.01.2016
--
PoC:
http://zeroscience.mk/codes/poc5309.pm4.zip
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39509.zip