Lucene search
K

181 matches found

CVE
CVE
added 2025/12/02 1:1 p.m.9 views

CVE-2025-11785

CVE-2025-11785 affects Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is a stack-based buffer overflow in ShowMeterPasswords() caused by unbounded input from the meter parameter via GetParameter(meter) being copied into a fixed-size buffer with sprintf(), without size validation. An att...

9.8CVSS6.8AI score0.00344EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/02 1:1 p.m.2 views

CVE-2025-11785 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterPasswords' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf'. The 'GetParametermeter' function retrieves the user input, which is directly incorporated...

8.5CVSS6.8AI score0.00344EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/02 1:1 p.m.2 views

CVE-2025-11784 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterDatabase' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf'. The 'GetParametermeter' function retrieves the user input, which is directly incorporated...

8.5CVSS6.8AI score0.00344EPSS
Exploits0References1
CVE
CVE
added 2025/12/02 1:1 p.m.20 views

CVE-2025-11784

CVE-2025-11784 affects Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In ShowMeterDatabase(), unlimited input from the meter parameter is copied into a fixed-size buffer using sprintf(), with GetParameter(meter) supplying the data. This constitutes a stack-based buffer overflow as no input size validatio...

9.8CVSS6.8AI score0.00344EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/02 1:1 p.m.13 views

CVE-2025-11784 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterDatabase' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf'. The 'GetParametermeter' function retrieves the user input, which is directly incorporated...

8.5CVSS0.00344EPSS
Exploits0References1
CVE
CVE
added 2025/12/02 1:1 p.m.9 views

CVE-2025-11783

Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 contains a stack-based buffer overflow in AddEvent() caused by copying the user-controlled username into a fixed 48-byte buffer without boundary checks. This can lead to memory corruption and remote code execution. Public details across sources consistently c...

9.8CVSS7.9AI score0.00532EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/02 1:1 p.m.2 views

CVE-2025-11783 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent' function when copying the user-controlled username input to a fixed-size buffer 48 bytes without boundary checking. This can lead to memory corruption, resulting in...

8.5CVSS7.9AI score0.00532EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/02 1:1 p.m.7 views

CVE-2025-11783 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent' function when copying the user-controlled username input to a fixed-size buffer 48 bytes without boundary checking. This can lead to memory corruption, resulting in...

8.5CVSS0.00532EPSS
Exploits0References1
CVE
CVE
added 2025/12/02 1:0 p.m.12 views

CVE-2025-11782

CVE-2025-11782 affects Circutor SGE-PLC1000/SGE-PLC50 (v9.0.2). The ShowDownload() function uses sprintf() to format a string with user-controlled GetParameter(meter) input into a fixed 64-byte buffer (acStack_4c) without length checks, enabling a stack-based overflow if meter exceeds the buffer....

9.8CVSS6.9AI score0.0035EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/02 1:0 p.m.4 views

CVE-2025-11782 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload' function uses “sprintf” to format a string that includes the user-controlled input of 'GetParametermeter' in the fixed-size buffer 'acStack4c' 64 bytes without checking the length. An attacker c...

8.5CVSS6.9AI score0.0035EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/02 1:0 p.m.7 views

CVE-2025-11782 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload' function uses “sprintf” to format a string that includes the user-controlled input of 'GetParametermeter' in the fixed-size buffer 'acStack4c' 64 bytes without checking the length. An attacker c...

8.5CVSS0.0035EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/02 12:59 p.m.8 views

CVE-2025-11781 Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key e.g., by analysing the firmware image or memory dump and create valid firmware updat...

8.6CVSS0.00125EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/02 12:59 p.m.3 views

CVE-2025-11781 Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key e.g., by analysing the firmware image or memory dump and create valid firmware updat...

8.6CVSS6.5AI score0.00125EPSS
Exploits0References1
CVE
CVE
added 2025/12/02 12:59 p.m.12 views

CVE-2025-11781

CVE-2025-11781 affects Circutor SGE-PLC1000/SGE-PLC50 firmware v9.0.2. The root cause is a hardcoded static authentication key in the firmware, allowing a local attacker to extract the key (from firmware image or memory) and create valid firmware update packages, bypassing access controls and gai...

8.6CVSS6.5AI score0.00125EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/12/02 12:58 p.m.19 views

CVE-2025-11780

CVE-2025-11780 describes a stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability stems from an unlimited user input retrieved via GetParameter(meter) being copied into a fixed-size buffer in the function showMeterReport() using sprintf() without size validation. ...

9.8CVSS6.8AI score0.00284EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/02 12:58 p.m.2 views

CVE-2025-11780 Stack-based buffer overflow vulnreability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf'. The 'GetParametermeter' function retrieves the user input, which is directly incorporated in...

8.7CVSS6.8AI score0.00284EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/02 12:58 p.m.5 views

CVE-2025-11780 Stack-based buffer overflow vulnreability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf'. The 'GetParametermeter' function retrieves the user input, which is directly incorporated in...

8.7CVSS0.00284EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/02 12:57 p.m.5 views

CVE-2025-11779 Stack-based buffer overflow vulnreability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi'...

9.4CVSS0.01334EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/02 12:57 p.m.2 views

CVE-2025-11779 Stack-based buffer overflow vulnreability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi'...

9.4CVSS6.9AI score0.01334EPSS
Exploits0References1
CVE
CVE
added 2025/12/02 12:57 p.m.13 views

CVE-2025-11779

CVE-2025-11779 affects Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. A stack-based buffer overflow in the SetLan function is triggered when applying a new configuration via the management web interface (index.cgi). Un-sanitised configuration parameters can lead to command injection. Publicly referenced ...

9.8CVSS6.9AI score0.01334EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder