  • Cybersecurity Vulnerabilities

    CVE-2025-40700: Alert! XSS Vulnerability Exposes IDI Eikon’s Governalia

    Overview: CVE-2025-40700 details a reflected Cross-Site Scripting (XSS) vulnerability found in IDI Eikon’s Governalia. This vulnerability could allow an attacker to inject and execute malicious JavaScript code within a user’s browser by crafting a specific URL. This malicious URL, when clicked by a user, could lead to the theft of sensitive information or unauthorized actions performed on the user’s behalf. Technical Details: The vulnerability resides within the /search endpoint of Governalia. Specifically, the application fails to properly sanitize the q parameter. An attacker can exploit this by injecting JavaScript code into the q parameter of the URL. When a user…

  • Cybersecurity Vulnerabilities

    CVE-2025-13879: SOLIDserver IPAM Directory Traversal – Secure Your Network Now!

    Overview: CVE-2025-13879 describes a directory traversal vulnerability found in SOLIDserver IP Address Management (IPAM) version 8.2.3. This flaw allows an authenticated user with administrator privileges to access and list directories outside of their authorized scope. By manipulating the ‘directory’ parameter in the /mod/ajax.php?action=sections/list/list endpoint, malicious actors can potentially view sensitive system files and directories, leading to information disclosure and potentially further compromise. Technical Details: The vulnerability exists within the /mod/ajax.php script, specifically when handling the sections/list/list action. The application fails to properly sanitize or validate the ‘directory’ parameter, allowing an attacker to inject directory traversal sequences (e.g., ../) to navigate…

  • Cybersecurity Vulnerabilities

    QuickCMS Under Attack: Blind SQL Injection Vulnerability in aFilesDelete (CVE-2025-12465)

    Overview: A critical Blind SQL injection vulnerability, identified as CVE-2025-12465, has been discovered in QuickCMS. This vulnerability stems from the improper neutralization of input within the aFilesDelete functionality, making the application susceptible to Blind SQL Injection attacks. The vulnerability is exploitable by high-privileged users. This article provides a detailed analysis of the vulnerability, its potential impact, and recommended mitigation steps. Please note that the vendor was notified, but has not provided specific details or a vulnerable version range as of this publication. Version 6.8 has been confirmed as vulnerable; other versions may also be affected. Technical Details: CVE-2025-12465 arises from…

  • Cybersecurity Vulnerabilities

    CVE-2025-11789: Critical Out-of-Bounds Read in Circutor PLCs Puts Industrial Systems at Risk

    Overview: CVE-2025-11789 is a reported out-of-bounds read vulnerability affecting Circutor SGE-PLC1000 and SGE-PLC50 devices running firmware version 9.0.2. This vulnerability could potentially allow an attacker to read sensitive information from the device’s memory, leading to further exploitation or system compromise. Technical Details: The vulnerability resides within the DownloadFile function. This function processes a parameter which it converts to an integer using the atoi() function. The resulting integer is then used as an index (iVar2) into the FilesDownload array via the expression (&FilesDownload)[iVar2]. The critical flaw lies in the lack of proper bounds checking. If the parameter passed to atoi() is…

  • Cybersecurity Vulnerabilities

    Heap Overflow in Circutor SGE-PLC1000/SGE-PLC50 (CVE-2025-11788): A Critical Vulnerability Analysis

    Overview: This article provides a detailed analysis of CVE-2025-11788, a heap-based buffer overflow vulnerability discovered in Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2. This vulnerability allows a remote attacker to potentially execute arbitrary code or cause a denial-of-service (DoS) condition by providing a crafted input to the device. Technical Details: The vulnerability resides within the ShowSupervisorParameters() function. The core issue stems from an unbounded sprintf() call when handling user input obtained through the GetParameter(meter) function. Specifically: The GetParameter(meter) function retrieves user-supplied input associated with the ‘meter’ parameter. This input is then directly incorporated into a fixed-size buffer using sprintf() within the ShowSupervisorParameters() function.…

  • Cybersecurity Vulnerabilities

    Critical Command Injection Flaw Threatens Circutor SGE-PLC1000/SGE-PLC50 PLCs

    Overview: This article provides a comprehensive analysis of CVE-2025-11787, a command injection vulnerability discovered in Circutor SGE-PLC1000 and SGE-PLC50 programmable logic controllers (PLCs). The vulnerability affects versions up to and including 9.0.2 and could allow a remote attacker to execute arbitrary commands on the affected device. Given the potential impact on industrial control systems (ICS) and critical infrastructure, this vulnerability warrants immediate attention and remediation. Technical Details: CVE-2025-11787 stems from insufficient input validation in the GetDNS(), CheckPing(), and TraceRoute() functions of the Circutor SGE-PLC1000/SGE-PLC50 operating system. An attacker can exploit this flaw by injecting malicious commands into parameters passed to…

  • Cybersecurity Vulnerabilities

    Critical Stack Overflow in Circutor SGE-PLC: CVE-2025-11786 Demands Immediate Attention

    Overview: CVE-2025-11786 describes a critical stack-based buffer overflow vulnerability affecting Circutor SGE-PLC1000 and SGE-PLC50 programmable logic controllers (PLCs) running firmware version 9.0.2. This vulnerability allows a remote attacker to execute arbitrary shell commands with the same privileges as the application, potentially leading to complete system compromise. Given the role PLCs play in industrial control systems (ICS), the potential impact of this vulnerability is significant. Technical Details: The vulnerability lies within the SetUserPassword() function. The newPassword parameter, which is intended to be the user’s new password, is directly incorporated into a shell command string using the sprintf() function. Critically, there is…

  • Cybersecurity Vulnerabilities

    Critical Stack Overflow in Circutor PLC Exposes Industrial Systems (CVE-2025-11785)

    Overview: This article discusses a critical stack-based buffer overflow vulnerability, identified as CVE-2025-11785, affecting Circutor SGE-PLC1000 and SGE-PLC50 devices running version 9.0.2. This vulnerability allows a remote attacker to potentially execute arbitrary code on the affected device by providing an overly long input to a specific function. Technical Details: The vulnerability resides within the ShowMeterPasswords() function of the Circutor SGE-PLC1000/SGE-PLC50 firmware. The core issue is an uncontrolled buffer copy via sprintf(). The GetParameter(meter) function retrieves user-supplied input for the ‘meter’ parameter. This input is then directly incorporated into a fixed-size buffer without proper size validation. Consequently, an attacker can provide…

  • Cybersecurity Vulnerabilities

    Critical Stack Overflow Threatens Circutor SGE-PLC: Deep Dive into CVE-2025-11784

    Overview: CVE-2025-11784 identifies a significant stack-based buffer overflow vulnerability present in Circutor SGE-PLC1000 and SGE-PLC50 devices running version 9.0.2. This flaw, residing within the ‘ShowMeterDatabase()’ function, allows an attacker to potentially execute arbitrary code on the affected device by providing an excessively large input to the ‘meter’ parameter. This vulnerability has been publicly disclosed and requires immediate attention from organizations utilizing these PLC devices. Technical Details: The root cause of the vulnerability lies in the insufficient input validation within the ‘ShowMeterDatabase()’ function. Specifically, the ‘GetParameter(meter)’ function retrieves user-provided input, which is subsequently used in an sprintf() call to copy data…

  • Cybersecurity Vulnerabilities

    CVE-2025-11783: Critical Stack Overflow Vulnerability in Circutor SGE-PLC Devices

    Published: 2025-12-02. Overview: This article provides a detailed analysis of CVE-2025-11783, a stack-based buffer overflow vulnerability affecting Circutor SGE-PLC1000 and SGE-PLC50 devices running version 9.0.2. This vulnerability, located within the AddEvent() function, could potentially allow an attacker to execute arbitrary code remotely. Technical Details: The vulnerability resides in the AddEvent() function. The issue arises when the function copies a user-supplied username into a fixed-size buffer of 48 bytes. Critically, the code lacks proper boundary checking. If the provided username exceeds this 48-byte limit, a stack-based buffer overflow occurs. By carefully crafting a malicious username, an attacker could overwrite adjacent memory…