Sge-Plc1000 Sge-Plc50 Circutor vulnerabilities
12 known vulnerabilities affecting sge-plc1000_sge-plc50/circutor.
Total CVEs
12
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL9HIGH3
Vulnerabilities
Page 1 of 1
CVE-2025-11786P2CRITICALCVSS 9.8v9.0.22025-12-02
CVE-2025-11786 [CRITICAL] CWE-121 CVE-2025-11786: Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserP
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword()' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf()' without any sanitisation or validation, and then executed using 'system()'. This allows an attacker to inject arbitrary shell commands
nvd
CVE-2025-11779P2CRITICALCVSS 9.8v9.0.22025-12-02
CVE-2025-11779 [CRITICAL] CWE-121 CVE-2025-11779: Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' func
Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi' web application. The parameters are not being saniti
nvd
CVE-2025-11787P2HIGHCVSS 8.8v9.0.22025-12-02
CVE-2025-11787 [HIGH] CWE-78 CVE-2025-11787: Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 thr
Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS()', 'CheckPing()' and 'TraceRoute()' functions.
nvd
CVE-2025-11783P2CRITICALCVSS 9.8v9.0.22025-12-02
CVE-2025-11783 [CRITICAL] CWE-121 CVE-2025-11783: Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerabilit
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent()' function when copying the user-controlled username input to a fixed-size buffer (48 bytes) without boundary checking. This can lead to memory corruption, resulting in possible remote code execution.
nvd
CVE-2025-11785P2CRITICALCVSS 9.8v9.0.22025-12-02
CVE-2025-11785 [CRITICAL] CWE-121 CVE-2025-11785: Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMete
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterPasswords()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An att
nvd
CVE-2025-11784P2CRITICALCVSS 9.8v9.0.22025-12-02
CVE-2025-11784 [CRITICAL] CWE-121 CVE-2025-11784: Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMete
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterDatabase()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An atta
nvd
CVE-2025-11780P2CRITICALCVSS 9.8v9.0.22025-12-02
CVE-2025-11780 [CRITICAL] CWE-120 CVE-2025-11780: Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMete
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attack
nvd
CVE-2025-11778P2CRITICALCVSS 9.8v9.0.22025-12-02
CVE-2025-11778 [CRITICAL] CWE-122 CVE-2025-11778: Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50 v0.9.2. This vulnerability allows an a
Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50 v0.9.2. This vulnerability allows an attacker to remotely exploit memory corruption through the 'read_packet()' function of the TACACSPLUS implementation.
nvd
CVE-2025-11788P3CRITICALCVSS 9.8v9.0.22025-12-02
CVE-2025-11788 [CRITICAL] CWE-122 CVE-2025-11788: Heap-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowSuper
Heap-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowSupervisorParameters()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. A
nvd
CVE-2025-11782P3CRITICALCVSS 9.8v9.0.22025-12-02
CVE-2025-11782 [CRITICAL] CWE-121 CVE-2025-11782: Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownloa
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload()' function uses “sprintf()” to format a string that includes the user-controlled input of 'GetParameter(meter)' in the fixed-size buffer 'acStack_4c' (64 bytes) without checking the length. An attacker can provide an excessively long value for th
nvd
CVE-2025-11781P3HIGHCVSS 7.8v9.0.22025-12-02
CVE-2025-11781 [HIGH] CWE-321 CVE-2025-11781: Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware
Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key (e.g., by analysing the firmware image or memory dump) and create valid firmware update packages. This bypasses all intended access controls
nvd
CVE-2025-11789P3HIGHCVSS 7.5v9.0.22025-12-02
CVE-2025-11789 [HIGH] CWE-125 CVE-2025-11789: Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'DownloadFile' functi
Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'DownloadFile' function converts a parameter to an integer using 'atoi()' and then uses it as an index in the 'FilesDownload' array with '(&FilesDownload)[iVar2]'. If the parameter is too large, it will access memory beyond the limits.
nvd