216.73.216.75

CVE-2025-11788

· Published 02/12/2025 13:15 · Modified 03/12/2025 19:19

Labels: CVE-2025-11788 2025-12-02CVE-2025-11788CWE-122[email protected]

Essential information

Published
02/12/2025 13:15
Modified
03/12/2025 19:19
Author
Creator
CVSS
8.5 HIGH (v3) 8.5 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Heap-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowSupervisorParameters()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
circutor / sge-plc1000 firmware cpe:2.3:o:circutor:sge-plc1000_firmware:9.0.2:*:*:*:*:*:*:*
circutor / sge-plc1000 cpe:2.3:h:circutor:sge-plc1000:-:*:*:*:*:*:*:*
circutor / sge-plc50 firmware cpe:2.3:o:circutor:sge-plc50_firmware:9.0.2:*:*:*:*:*:*:*
circutor / sge-plc50 cpe:2.3:h:circutor:sge-plc50:-:*:*:*:*:*:*:*

References