Lucene search
K

3051 matches found

NVD
NVD
added 2025/12/02 1:15 p.m.2 views

CVE-2025-11779

Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi'...

9.8CVSS0.01334EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/02 1:2 p.m.3 views

CVE-2025-11787 Command injection vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS', 'CheckPing' and 'TraceRoute' functions...

8.5CVSS7.1AI score0.00916EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/02 1:1 p.m.10 views

CVE-2025-11786 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf' without any sanitisation or validation, and then executed using 'system'. This allows a...

8.5CVSS0.00344EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/02 1:1 p.m.19 views

CVE-2025-11784 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterDatabase' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf'. The 'GetParametermeter' function retrieves the user input, which is directly incorporated...

8.5CVSS0.00344EPSS
Exploits0References1
CVE
CVE
added 2025/12/02 1:0 p.m.13 views

CVE-2025-11782

CVE-2025-11782 affects Circutor SGE-PLC1000/SGE-PLC50 (v9.0.2). The ShowDownload() function uses sprintf() to format a string with user-controlled GetParameter(meter) input into a fixed 64-byte buffer (acStack_4c) without length checks, enabling a stack-based overflow if meter exceeds the buffer....

9.8CVSS6.9AI score0.0035EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/02 12:59 p.m.8 views

CVE-2025-11781 Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key e.g., by analysing the firmware image or memory dump and create valid firmware updat...

8.6CVSS0.00125EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/02 12:57 p.m.6 views

CVE-2025-11779 Stack-based buffer overflow vulnreability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi'...

9.4CVSS0.01334EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/02 12:56 p.m.2 views

CVE-2025-11778 Stack-based buffer overflow vulnreability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50 v0.9.2. This vulnerability allows an attacker to remotely exploit memory corruption through the 'readpacket' function of the TACACSPLUS implementation...

10CVSS7.1AI score0.00306EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.6 views

PT-2025-48676

Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2 Description A stack-based buffer overflow exists in the SetUserPassword function. The newPassword parameter is incorporated into a shell command string using sprintf without proper sanitisation or...

9.8CVSS7.8AI score0.00344EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.5 views

PT-2025-48677

Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS', 'CheckPing' and 'TraceRoute' functions...

8.5CVSS7.5AI score0.00916EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.10 views

PT-2025-48673

Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2 Description A stack-based buffer overflow exists in the AddEvent function when handling user-supplied usernames. The issue occurs because the function copies the username input to a fixed-size buffe...

9.8CVSS7.9AI score0.00532EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/21 9:36 p.m.11 views

CVE-2025-65102 PJSIP is vulnerable to buffer overflow in Opus PLC

PJSIP is a free and open source multimedia communication library. Prior to version 2.16, Opus PLC may zero-fill the input frame as long as the decoder ptime, while the input frame length, which is based on stream ptime, may be less than that. This issue affects PJSIP users who use the Opus audio...

8.7CVSS0.00273EPSS
Exploits0References2
CVE
CVE
added 2025/11/21 9:36 p.m.43 views

CVE-2025-65102

CVE-2025-65102 affects PJSIP with Opus in the receiving direction. Prior to version 2.16, Opus PLC may zero-fill the input frame if the decoder ptime differs from the input frame length (based on stream ptime), causing a memory overwrite and potential unexpected process termination. The issue is ...

8.7CVSS6.6AI score0.00273EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/10/27 12:0 a.m.2 views

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-58014)

wifi: brcmsmac: add gain range check to wlcphyiqcalgainparamsnphy This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503443; scriptversion"1.2";...

7.1CVSS6.9AI score0.00196EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/24 10:38 p.m.5 views

CVE-2025-60023

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine...

6.3CVSS7.2AI score0.00465EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/24 10:38 p.m.6 views

CVE-2025-58429

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary files on the target machine...

8.3CVSS7.2AI score0.00562EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/24 10:38 p.m.9 views

CVE-2025-61934

A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the...

10CVSS7.2AI score0.00605EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/24 10:38 p.m.7 views

CVE-2025-58078

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine...

8.3CVSS7.3AI score0.00562EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/24 10:38 p.m.4 views

CVE-2025-59776

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine...

6.3CVSS7.2AI score0.00465EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/24 12:30 a.m.4 views

EUVD-2025-35737

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary files on the target machine...

8.3CVSS6.7AI score0.00562EPSS
Exploits0References5
Rows per page
Query Builder