Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2025/12/03 2:2 p.m.5 views

CVE-2025-11789

Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'DownloadFile' function converts a parameter to an integer using 'atoi' and then uses it as an index in the 'FilesDownload' array with 'iVar2'. If the parameter is too large, it will access memory beyond the limits...

7.5CVSS6.8AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/03 2:2 p.m.5 views

CVE-2025-11784

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterDatabase' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf'. The 'GetParametermeter' function retrieves the user input, which is directly incorporated...

9.8CVSS7.3AI score0.00344EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/02 3:30 p.m.5 views

EUVD-2025-200234

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload' function uses “sprintf” to format a string that includes the user-controlled input of 'GetParametermeter' in the fixed-size buffer 'acStack4c' 64 bytes without checking the length. An attacker c...

8.5CVSS6.8AI score0.0035EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/02 3:30 p.m.7 views

EUVD-2025-200235

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key e.g., by analysing the firmware image or memory dump and create valid firmware updat...

8.6CVSS6.4AI score0.00125EPSS
Exploits0References2
NVD
NVD
added 2025/12/02 1:15 p.m.4 views

CVE-2025-11788

Heap-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowSupervisorParameters' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf'. The 'GetParametermeter' function retrieves the user input, which is directly...

9.8CVSS0.00284EPSS
Exploits0References1
NVD
NVD
added 2025/12/02 1:15 p.m.6 views

CVE-2025-11781

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key e.g., by analysing the firmware image or memory dump and create valid firmware updat...

8.6CVSS0.00125EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/02 1:2 p.m.3 views

CVE-2025-11787 Command injection vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS', 'CheckPing' and 'TraceRoute' functions...

8.5CVSS7.1AI score0.00916EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/02 1:1 p.m.17 views

CVE-2025-11784 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterDatabase' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf'. The 'GetParametermeter' function retrieves the user input, which is directly incorporated...

8.5CVSS0.00344EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/02 12:59 p.m.8 views

CVE-2025-11781 Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key e.g., by analysing the firmware image or memory dump and create valid firmware updat...

8.6CVSS0.00125EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/02 12:57 p.m.6 views

CVE-2025-11779 Stack-based buffer overflow vulnreability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi'...

9.4CVSS0.01334EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.6 views

PT-2025-48676

Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2 Description A stack-based buffer overflow exists in the SetUserPassword function. The newPassword parameter is incorporated into a shell command string using sprintf without proper sanitisation or...

9.8CVSS7.8AI score0.00344EPSS
Exploits0References4
Rows per page
Query Builder