Overview

CVE-2025-11789 is a reported out-of-bounds read vulnerability affecting Circutor SGE-PLC1000 and SGE-PLC50 devices running firmware version 9.0.2. This vulnerability could potentially allow an attacker to read sensitive information from the device’s memory, leading to further exploitation or system compromise.

Technical Details

The vulnerability resides within the DownloadFile function. This function processes a parameter which it converts to an integer using the atoi() function. The resulting integer is then used as an index (iVar2) into the FilesDownload array via the expression (&FilesDownload)[iVar2]. The critical flaw lies in the lack of proper bounds checking. If the parameter passed to atoi() is…
-
Overview

This article provides a detailed analysis of CVE-2025-11788, a heap-based buffer overflow vulnerability discovered in Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2. This vulnerability allows a remote attacker to potentially execute arbitrary code or cause a denial-of-service (DoS) condition by providing a crafted input to the device.

Technical Details

The vulnerability resides within the ShowSupervisorParameters() function. The core issue stems from an unbounded sprintf() call when handling user input obtained through the GetParameter(meter) function. Specifically: The GetParameter(meter) function retrieves user-supplied input associated with the ‘meter’ parameter. This input is then directly incorporated into a fixed-size buffer using sprintf() within the ShowSupervisorParameters() function.…
-
Overview

This article provides a comprehensive analysis of CVE-2025-11787, a command injection vulnerability discovered in Circutor SGE-PLC1000 and SGE-PLC50 programmable logic controllers (PLCs). The vulnerability affects versions up to and including 9.0.2 and could allow a remote attacker to execute arbitrary commands on the affected device. Given the potential impact on industrial control systems (ICS) and critical infrastructure, this vulnerability warrants immediate attention and remediation.

Technical Details

CVE-2025-11787 stems from insufficient input validation in the GetDNS(), CheckPing(), and TraceRoute() functions of the Circutor SGE-PLC1000/SGE-PLC50 operating system. An attacker can exploit this flaw by injecting malicious commands into parameters passed to…
-
Overview

CVE-2025-11786 describes a critical stack-based buffer overflow vulnerability affecting Circutor SGE-PLC1000 and SGE-PLC50 programmable logic controllers (PLCs) running firmware version 9.0.2. This vulnerability allows a remote attacker to execute arbitrary shell commands with the same privileges as the application, potentially leading to complete system compromise. Given the role PLCs play in industrial control systems (ICS), the potential impact of this vulnerability is significant.

Technical Details

The vulnerability lies within the SetUserPassword() function. The newPassword parameter, which is intended to be the user’s new password, is directly incorporated into a shell command string using the sprintf() function. Critically, there is…
-
Overview

This article discusses a critical stack-based buffer overflow vulnerability, identified as CVE-2025-11785, affecting Circutor SGE-PLC1000 and SGE-PLC50 devices running version 9.0.2. This vulnerability allows a remote attacker to potentially execute arbitrary code on the affected device by providing an overly long input to a specific function.

Technical Details

The vulnerability resides within the ShowMeterPasswords() function of the Circutor SGE-PLC1000/SGE-PLC50 firmware. The core issue is an uncontrolled buffer copy via sprintf(). The GetParameter(meter) function retrieves user-supplied input for the ‘meter’ parameter. This input is then directly incorporated into a fixed-size buffer without proper size validation. Consequently, an attacker can provide…
-
Overview

CVE-2025-11784 identifies a significant stack-based buffer overflow vulnerability present in Circutor SGE-PLC1000 and SGE-PLC50 devices running version 9.0.2. This flaw, residing within the ‘ShowMeterDatabase()’ function, allows an attacker to potentially execute arbitrary code on the affected device by providing an excessively large input to the ‘meter’ parameter. This vulnerability has been publicly disclosed and requires immediate attention from organizations utilizing these PLC devices.

Technical Details

The root cause of the vulnerability lies in the insufficient input validation within the ‘ShowMeterDatabase()’ function. Specifically, the ‘GetParameter(meter)’ function retrieves user-provided input, which is subsequently used in a sprintf() call to copy data…
-
Published: 2025-12-02

Overview

This article provides a detailed analysis of CVE-2025-11783, a stack-based buffer overflow vulnerability affecting Circutor SGE-PLC1000 and SGE-PLC50 devices running version 9.0.2. This vulnerability, located within the AddEvent() function, could potentially allow an attacker to execute arbitrary code remotely.

Technical Details

The vulnerability resides in the AddEvent() function. The issue arises when the function copies a user-supplied username into a fixed-size buffer of 48 bytes. Critically, the code lacks proper boundary checking. If the provided username exceeds this 48-byte limit, a stack-based buffer overflow occurs. By carefully crafting a malicious username, an attacker could overwrite adjacent memory…
-
Overview

CVE-2025-11781 describes a critical security vulnerability affecting Circutor SGE-PLC1000 and SGE-PLC50 programmable logic controllers (PLCs) running firmware version 9.0.2. The vulnerability stems from the use of hardcoded cryptographic keys within the firmware. This allows an attacker with local access to the device to extract the key and forge valid firmware update packages, effectively bypassing all access controls and gaining full administrative privileges over the PLC.

Technical Details

The affected firmware version 9.0.2 of the Circutor SGE-PLC1000/SGE-PLC50 contains a static, hardcoded authentication key. This key is used to verify the authenticity and integrity of firmware update packages. An attacker with…
-
Overview

CVE-2025-11780 describes a stack-based buffer overflow vulnerability affecting Circutor SGE-PLC1000 and SGE-PLC50 devices, specifically version 9.0.2. This vulnerability exists within the showMeterReport() function, where user-controlled input is mishandled, leading to potential code execution or denial-of-service conditions. The primary source of the flaw lies in the unchecked copying of user input into a fixed-size buffer using sprintf().

Technical Details

The vulnerability stems from the showMeterReport() function within the Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 firmware. The GetParameter(meter) function retrieves user-supplied input intended for the meter parameter. This input is then directly incorporated into a buffer using the sprintf() function without any prior size…
-
Overview

CVE-2025-11779 describes a stack-based buffer overflow vulnerability identified in Circutor SGE-PLC1000 and SGE-PLC50 devices, specifically version 9.0.2. This vulnerability could allow an attacker to potentially execute arbitrary code on the affected device. This poses a significant risk to industrial control systems (ICS) environments where these PLCs are deployed.

Technical Details

The vulnerability resides in the ‘SetLan’ function, which is invoked during the application of a new configuration to the PLC. This configuration process is triggered by a management web request initiated when a user makes changes through the ‘index.cgi’ web application. The core issue is the insufficient sanitization of…