216.73.216.197

CVE-2025-11782

· Published 02/12/2025 13:15 · Modified 03/12/2025 19:11

Labels: CVE-2025-11782 2025-12-02CVE-2025-11782CWE-121[email protected]

Essential information

Published
02/12/2025 13:15
Modified
03/12/2025 19:11
Author
Creator
CVSS
8.5 HIGH (v3) 8.5 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload()' function uses “sprintf()” to format a string that includes the user-controlled input of 'GetParameter(meter)' in the fixed-size buffer 'acStack_4c' (64 bytes) without checking the length. An attacker can provide an excessively long value for the 'meter' parameter that exceeds the 64-byte buffer size.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
circutor / sge-plc1000 firmware cpe:2.3:o:circutor:sge-plc1000_firmware:9.0.2:*:*:*:*:*:*:*
circutor / sge-plc1000 cpe:2.3:h:circutor:sge-plc1000:-:*:*:*:*:*:*:*
circutor / sge-plc50 firmware cpe:2.3:o:circutor:sge-plc50_firmware:9.0.2:*:*:*:*:*:*:*
circutor / sge-plc50 cpe:2.3:h:circutor:sge-plc50:-:*:*:*:*:*:*:*

References