216.73.216.86

CVE-2025-11780

· Published 02/12/2025 13:15 · Modified 03/12/2025 19:08

Labels: CVE-2025-11780 2025-12-02CVE-2025-11780CWE-120[email protected]

Essential information

Published
02/12/2025 13:15
Modified
03/12/2025 19:08
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the “meter” parameter.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
circutor / sge-plc1000 firmware cpe:2.3:o:circutor:sge-plc1000_firmware:9.0.2:*:*:*:*:*:*:*
circutor / sge-plc1000 cpe:2.3:h:circutor:sge-plc1000:-:*:*:*:*:*:*:*
circutor / sge-plc50 firmware cpe:2.3:o:circutor:sge-plc50_firmware:9.0.2:*:*:*:*:*:*:*
circutor / sge-plc50 cpe:2.3:h:circutor:sge-plc50:-:*:*:*:*:*:*:*

References