Overview
CVE-2025-11781 describes a critical security vulnerability affecting Circutor SGE-PLC1000 and SGE-PLC50 programmable logic controllers (PLCs) running firmware version 9.0.2. The vulnerability stems from the use of a hardcoded cryptographic key within the firmware. Because the same key is present in every unit and in every copy of the firmware image, an attacker with local access to the device can extract it and forge valid firmware update packages, bypassing all access controls and gaining full administrative privileges over the PLC.
Technical Details
The affected firmware version 9.0.2 of the Circutor SGE-PLC1000/SGE-PLC50 contains a static, hardcoded authentication key. This key is used to verify the authenticity and integrity of firmware update packages. An attacker with…
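The structural problem, shown as an added example written for this page rather than Circutor's code: when update verification is a symmetric MAC keyed with a constant that ships inside the image, the verifier and the attacker hold the same secret. The package layout, the key value and the use of SipHash-2-4 as the MAC are assumptions; the firmware's real format and algorithm are not described on this page.

```c
/* Added example, not Circutor code: why a verification key baked into the
 * firmware image cannot authenticate firmware updates. The package layout, the
 * 16-byte key value and SipHash-2-4 as the MAC are assumptions for this page. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROTL64(x, b) ((uint64_t)(((x) << (b)) | ((x) >> (64 - (b)))))
#define SIPROUND(v0, v1, v2, v3) do {                                   \
        v0 += v1; v1 = ROTL64(v1, 13); v1 ^= v0; v0 = ROTL64(v0, 32);   \
        v2 += v3; v3 = ROTL64(v3, 16); v3 ^= v2;                        \
        v0 += v3; v3 = ROTL64(v3, 21); v3 ^= v0;                        \
        v2 += v1; v1 = ROTL64(v1, 17); v1 ^= v2; v2 = ROTL64(v2, 32);   \
    } while (0)

static uint64_t le64(const uint8_t *p) { uint64_t v = 0; for (int i = 7; i >= 0; i--) v = (v << 8) | p[i]; return v; }
static void put_le64(uint8_t out[8], uint64_t v) { for (int i = 0; i < 8; i++) out[i] = (uint8_t)(v >> (8 * i)); }

/* SipHash-2-4 (Aumasson/Bernstein): a real 64-bit keyed MAC, standing in for
 * whatever symmetric check the firmware performs. */
static uint64_t siphash24(const uint8_t key[16], const uint8_t *in, size_t len) {
    uint64_t k0 = le64(key), k1 = le64(key + 8);
    uint64_t v0 = 0x736f6d6570736575ULL ^ k0, v1 = 0x646f72616e646f6dULL ^ k1;
    uint64_t v2 = 0x6c7967656e657261ULL ^ k0, v3 = 0x7465646279746573ULL ^ k1;
    size_t i = 0;
    for (; i + 8 <= len; i += 8) {
        uint64_t m = le64(in + i);
        v3 ^= m; SIPROUND(v0, v1, v2, v3); SIPROUND(v0, v1, v2, v3); v0 ^= m;
    }
    uint64_t b = (uint64_t)len << 56;                       /* length byte + tail bytes */
    for (size_t j = 0; i + j < len; j++) b |= (uint64_t)in[i + j] << (8 * j);
    v3 ^= b; SIPROUND(v0, v1, v2, v3); SIPROUND(v0, v1, v2, v3); v0 ^= b;
    v2 ^= 0xff;
    SIPROUND(v0, v1, v2, v3); SIPROUND(v0, v1, v2, v3);
    SIPROUND(v0, v1, v2, v3); SIPROUND(v0, v1, v2, v3);
    return v0 ^ v1 ^ v2 ^ v3;
}

/* The device's hardcoded key (assumed value). In the vulnerable design this
 * constant sits in the firmware image, so anyone who dumps the flash has it. */
static const uint8_t DEVICE_KEY[16] = {
    0x50,0x4c,0x43,0x2d,0x55,0x50,0x44,0x2d,0x4b,0x45,0x59,0x2d,0x39,0x30,0x32,0x21 };
static const uint8_t WRONG_KEY[16] = {0};                  /* an attacker's bad guess */

#define MAX_PAYLOAD 64
struct update_pkg {
    uint8_t payload[MAX_PAYLOAD];
    size_t  payload_len;
    uint8_t tag[8];                                         /* MAC over payload */
};

/* Build a package with `key`. The vendor does this with DEVICE_KEY; so can an
 * attacker who has extracted it. Returns 0 on success. */
int build_package(const uint8_t key[16], const char *payload, struct update_pkg *pkg) {
    size_t n = strlen(payload);
    if (n > MAX_PAYLOAD) return -1;
    memcpy(pkg->payload, payload, n);
    pkg->payload_len = n;
    put_le64(pkg->tag, siphash24(key, pkg->payload, n));
    return 0;
}

/* What the device does on update: recompute the MAC with its baked-in key and
 * compare in constant time. Returns 1 to accept, 0 to reject. */
int device_accepts(const struct update_pkg *pkg) {
    uint8_t expect[8], diff = 0;
    if (pkg->payload_len > MAX_PAYLOAD) return 0;
    put_le64(expect, siphash24(DEVICE_KEY, pkg->payload, pkg->payload_len));
    for (int i = 0; i < 8; i++) diff |= expect[i] ^ pkg->tag[i];
    return diff == 0;
}

/* Build with `key`, optionally flip one payload bit in transit, ask the device. */
static int scenario(const uint8_t key[16], const char *payload, int flip_bit) {
    struct update_pkg pkg;
    if (build_package(key, payload, &pkg) != 0) return -1;
    if (flip_bit) pkg.payload[0] ^= 0x01;
    return device_accepts(&pkg);
}

/* The attacker's key is DEVICE_KEY because it was read out of the image dump. */
int forged_with_extracted_key_is_accepted(void) { return scenario(DEVICE_KEY, "ATTACKER IMAGE: add admin account", 0); }
int forged_with_wrong_key_is_rejected(void)     { return !scenario(WRONG_KEY, "ATTACKER IMAGE: add admin account", 0); }
int tampered_genuine_package_is_rejected(void)  { return !scenario(DEVICE_KEY, "GENUINE IMAGE 9.0.2", 1); }

int main(void) {
    printf("forged with extracted key accepted: %d\n", forged_with_extracted_key_is_accepted());
    printf("forged with wrong key rejected:     %d\n", forged_with_wrong_key_is_rejected());
    printf("tampered genuine package rejected:  %d\n", tampered_genuine_package_is_rejected());
    return 0;
}
```

Whoever reads the key out of a flash dump builds packages the device cannot distinguish from the vendor's; only a wrong key or a bit flipped in transit is caught. The fix is asymmetric: sign packages with a private key kept off the device and store only the public key in the firmware, so nothing extractable from a unit allows forgery.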
-
Overview
CVE-2025-11780 describes a stack-based buffer overflow vulnerability affecting Circutor SGE-PLC1000 and SGE-PLC50 devices, specifically version 9.0.2. The flaw is in the showMeterReport() function, where user-controlled input is copied into a fixed-size stack buffer with sprintf() and no length check, which can lead to code execution or a denial-of-service condition.
Technical Details
The vulnerability stems from the showMeterReport() function within the Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 firmware. The GetParameter(meter) call retrieves the user-supplied value of the meter parameter. This value is then formatted directly into a buffer with sprintf() without any prior size…
-
Overview
CVE-2025-11779 describes a stack-based buffer overflow vulnerability identified in Circutor SGE-PLC1000 and SGE-PLC50 devices, specifically version 9.0.2. It could allow an attacker to execute arbitrary code on the affected device, a significant risk in the industrial control system (ICS) environments where these PLCs are deployed.
Technical Details
The vulnerability resides in the ‘SetLan’ function, which is invoked when a new configuration is applied to the PLC. That process is triggered by a management web request issued when a user changes settings through the ‘index.cgi’ web application. The core issue is the insufficient sanitization of…
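The two CGI findings above (showMeterReport() and SetLan) share one shape: a request parameter reaches sprintf() with a fixed stack buffer as the destination and no check on its length. The following is an added example written for this page, not Circutor's code; get_parameter(), show_meter_report_vuln(), show_meter_report_safe(), the buffer sizes and the name=value&... query format are assumptions. It places the vulnerable shape beside a bounded version that also allow-lists the identifier before formatting it.

```c
/* Added example, not Circutor code: the sprintf()-into-a-fixed-buffer pattern
 * behind the showMeterReport() and SetLan findings, next to a bounded version
 * with an allow-list on the parameter. Function names, buffer sizes and the
 * "name=value&..." query format are assumptions for this illustration. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define REPORT_BUF    64   /* fixed-size stack buffer, as in the vulnerable code */
#define MAX_METER_LEN 16   /* longest meter identifier the safe path accepts */

/* Minimal GetParameter(): copy the value of `name` out of a query string such
 * as "page=report&meter=M1". Returns 0 on success, -1 if absent or too long. */
int get_parameter(const char *query, const char *name, char *out, size_t outsz) {
    size_t nlen = strlen(name);
    const char *p = query;
    while (p && *p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            size_t vlen = strcspn(v, "&");
            if (vlen >= outsz) return -1;          /* refuse rather than truncate */
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return 0;
        }
        p = strchr(p, '&');
        if (p) p++;
    }
    return -1;
}

/* VULNERABLE shape (for comparison only; never call it with untrusted input):
 * the meter name is formatted into a 64-byte stack buffer with no bound, so a
 * value longer than 46 bytes overwrites whatever follows `report` on the stack. */
void show_meter_report_vuln(const char *meter) {
    char report[REPORT_BUF];
    sprintf(report, "Meter report for %s", meter);
    puts(report);
}

/* Allow-list: 1..MAX_METER_LEN characters from [A-Za-z0-9_-]. */
int meter_name_is_valid(const char *meter) {
    size_t n = strlen(meter);
    if (n == 0 || n > MAX_METER_LEN) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)meter[i];
        if (!isalnum(c) && c != '_' && c != '-') return 0;
    }
    return 1;
}

/* Hardened path: bounded fetch, allow-list, snprintf(), truncation treated as
 * an error. Returns 0, or -1 (missing/too long), -2 (bad chars), -3 (truncated). */
int show_meter_report_safe(const char *query, char *out, size_t outsz) {
    char meter[MAX_METER_LEN + 1];
    if (get_parameter(query, "meter", meter, sizeof meter) != 0) return -1;
    if (!meter_name_is_valid(meter)) return -2;
    int n = snprintf(out, outsz, "Meter report for %s", meter);
    if (n < 0 || (size_t)n >= outsz) return -3;
    return 0;
}

/* Wrappers so the result can be inspected after a call. */
static char g_report[REPORT_BUF];
int report_status(const char *query) { return show_meter_report_safe(query, g_report, sizeof g_report); }
const char *last_report(void) { return g_report; }

int main(void) {
    show_meter_report_vuln("M1");                 /* harmless only while input is short */
    const char *q[] = { "page=report&meter=M1_A", "meter=M1;reboot", "page=report" };
    for (int i = 0; i < 3; i++) {
        int rc = report_status(q[i]);
        printf("%-24s -> %d %s\n", q[i], rc, rc == 0 ? last_report() : "");
    }
    return 0;
}
```

The allow-list does most of the work: once the identifier is at most 16 characters from a fixed alphabet, the 64-byte buffer cannot overflow, and the snprintf() result check is defence in depth against a later change to the format string.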
-
Overview
A critical stack-based buffer overflow vulnerability has been discovered in Circutor SGE-PLC1000 and SGE-PLC50 version 0.9.2. This vulnerability, identified as CVE-2025-11778, allows a remote attacker to execute arbitrary code or cause a denial-of-service condition on the affected devices. It resides in the TACACSPLUS (TACACS+) implementation, specifically in the read_packet() function.
Technical Details
CVE-2025-11778 stems from insufficient bounds checking in the read_packet() function of the TACACSPLUS implementation within Circutor SGE-PLC1000/SGE-PLC50 v0.9.2. An attacker can exploit it by sending a specially crafted TACACS+ packet containing an excessively long field. When the PLC processes this packet, the read_packet() function attempts…
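An added example, not Circutor's code, of what a bounded read_packet() has to check: the 12-byte TACACS+ header carries a 32-bit body length chosen by the sender, and that value must be compared with the receive buffer before any copy. The header layout follows RFC 8907; TAC_MAX_BODY, the in-memory socket and the packet bytes are constructed for this example.

```c
/* Added example, not Circutor code: a bounded TACACS+ read_packet(). The
 * 12-byte header layout is RFC 8907's; the body buffer size, the in-memory
 * "socket" and the packet bytes are constructed for this illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAC_HDR_LEN   12
#define TAC_MAX_BODY  1024   /* assumed fixed-size body buffer on the device */
#define TAC_MAJOR_VER 0xc    /* high nibble of the version byte */

struct tac_pkt {
    uint8_t  version, type, seq_no, flags;
    uint32_t session_id;
    uint32_t length;               /* body length as claimed by the header */
    uint8_t  body[TAC_MAX_BODY];
};

/* Stand-in for a blocking TCP socket that reads from a byte string. */
struct mem_sock { const uint8_t *data; size_t len, pos; };

static int read_exact(struct mem_sock *s, uint8_t *dst, size_t n) {
    if (s->len - s->pos < n) return -1;       /* peer closed / short read */
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return 0;
}

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Read one packet. Returns 0 on success or a negative reason code.
 * The vulnerable shape of this function copies `length` bytes into body[]
 * without the TAC_MAX_BODY comparison, so an attacker-chosen 32-bit length
 * drives the copy straight past the end of the buffer. */
int read_packet(struct mem_sock *s, struct tac_pkt *pkt) {
    uint8_t hdr[TAC_HDR_LEN];
    if (read_exact(s, hdr, sizeof hdr) != 0) return -1;    /* truncated header */
    if ((hdr[0] >> 4) != TAC_MAJOR_VER) return -2;          /* not TACACS+ */
    if (hdr[1] < 1 || hdr[1] > 3) return -3;                /* AUTHEN/AUTHOR/ACCT only */
    pkt->version = hdr[0]; pkt->type  = hdr[1];
    pkt->seq_no  = hdr[2]; pkt->flags = hdr[3];
    pkt->session_id = be32(hdr + 4);
    pkt->length     = be32(hdr + 8);
    if (pkt->length > TAC_MAX_BODY) return -4;              /* the missing bounds check */
    if (read_exact(s, pkt->body, pkt->length) != 0) return -5; /* body shorter than claimed */
    return 0;
}

/* Build header + body for the scenarios (constructed data, not a capture). */
static size_t make_packet(uint8_t *out, uint32_t claimed_len, size_t actual_body) {
    out[0] = 0xc0; out[1] = 0x01; out[2] = 0x01; out[3] = 0x00;   /* v12.0, AUTHEN, seq 1 */
    out[4] = 0xde; out[5] = 0xad; out[6] = 0xbe; out[7] = 0xef;   /* session_id */
    out[8]  = (uint8_t)(claimed_len >> 24); out[9]  = (uint8_t)(claimed_len >> 16);
    out[10] = (uint8_t)(claimed_len >> 8);  out[11] = (uint8_t)claimed_len;
    memset(out + TAC_HDR_LEN, 'A', actual_body);
    return TAC_HDR_LEN + actual_body;
}

static struct tac_pkt g_pkt;                 /* last packet parsed by scenario() */

/* Feed a constructed packet with `claimed_len` in the header and `actual_body`
 * bytes actually on the wire; return read_packet()'s status. */
int scenario(uint32_t claimed_len, size_t actual_body) {
    uint8_t wire[TAC_HDR_LEN + 256];
    if (actual_body > 256) return -99;
    struct mem_sock s = { wire, make_packet(wire, claimed_len, actual_body), 0 };
    memset(&g_pkt, 0, sizeof g_pkt);
    return read_packet(&s, &g_pkt);
}
uint32_t last_session_id(void) { return g_pkt.session_id; }

int scenario_truncated_header(void) {
    const uint8_t wire[4] = { 0xc0, 0x01, 0x01, 0x00 };    /* connection drops mid-header */
    struct mem_sock s = { wire, sizeof wire, 0 };
    return read_packet(&s, &g_pkt);
}

int main(void) {
    printf("well-formed, 64-byte body:        %d\n", scenario(64, 64));
    printf("length field 0xffffffff:          %d\n", scenario(0xffffffffu, 64));
    printf("claims 500 bytes, 64 arrive:      %d\n", scenario(500, 64));
    printf("header cut short:                 %d\n", scenario_truncated_header());
    return 0;
}
```

Two separate checks matter: the length must be compared against the buffer before the copy (return -4), and the read must be allowed to fail when fewer bytes arrive than the header promised (return -5), so a short, well-formed packet followed by a close cannot leave the device waiting on a half-filled buffer that later code treats as complete.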
-
Overview
A critical SQL injection vulnerability, identified as CVE-2025-13090, has been discovered in the WP Directory Kit plugin for WordPress. It affects all versions up to and including 1.4.6. Exploitation could allow an attacker who already holds Administrator-level access to extract sensitive information from the WordPress database.
Technical Details
The vulnerability stems from insufficient sanitization of the ‘search’ parameter: the plugin fails to escape the user-supplied value, and the SQL query it is inserted into is not built as a prepared statement. Together these allow an attacker to inject SQL into the query. An authenticated…
-
Overview
CVE-2025-41744 is a critical vulnerability affecting Sprecher Automation's SPRECON-E series. It arises from the use of default cryptographic keys, which allows an unauthenticated remote attacker to access all encrypted communications, compromising both the confidentiality and integrity of the system. The vulnerability was published on 2025-12-02T11:15:51.760 and has a CVSS score of 9.1, indicating critical severity.
Technical Details
The SPRECON-E series relies on encryption to secure its communications. Because the keys are default, hardcoded values, anyone who knows them can decrypt, and potentially manipulate, data transmitted within the system. An…
-
Overview
CVE-2025-41743 is a security vulnerability affecting Sprecher Automation's SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 products. It stems from insufficient encryption strength in the creation of update images. A local, unprivileged attacker can exploit this weakness to extract data from these images, potentially gaining insight into the system architecture and internal processes.
Technical Details
The vulnerability lies in the inadequate cryptographic algorithms used to encrypt the firmware or configuration data contained within the update images. Using readily available tools and techniques, an attacker with local access to a system that stores or processes these update images can bypass the weak encryption.…
-
Overview
A critical vulnerability, identified as CVE-2025-41742, has been discovered in Sprecher Automation's SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 devices. It allows an unauthorized remote attacker to compromise the system because of the use of default cryptographic keys. Successful exploitation can lead to complete system takeover.
Technical Details
CVE-2025-41742 stems from the use of predictable or default cryptographic keys within the SPRECON-E product line. An attacker who knows these keys can use them to:
- Read sensitive project configurations.
- Modify existing projects and data.
- Write new projects or data to the devices.
- Gain unrestricted access to any…
-
Overview
CVE-2025-13353 identifies a critical vulnerability in gokey versions prior to 0.2.0. It affects password generation when a seed file is used (the -s option). The flaw lies in the seed decryption logic: passwords were derived not from the whole seed but only from the initialization vector (IV) and the AES-GCM authentication tag of the key seed. gokey 0.2.0 fixes this, but the fix is a breaking change that invalidates previously generated secrets: passwords generated from a seed with an older version cannot be reproduced with 0.2.0.
Technical Details
The core issue is how gokey versions before 0.2.0 used the seed file for password generation. Instead of using the entire seed file (240 bytes) as entropy,…
-
Overview
CVE-2025-13873 describes a stored cross-site scripting (XSS) vulnerability in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562. It allows an attacker to inject JavaScript into a survey through an imported survey definition. When a user later views the compromised survey, the injected script runs in their browser, which can lead to account compromise, data theft, or other malicious actions.
Technical Details
The vulnerability resides in how Opinio handles user-supplied input during survey import. Insufficient validation and output encoding of the imported survey data allows an attacker to embed JavaScript in fields such as question titles, descriptions, or other survey…
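The standard mitigation for this class of bug is to encode imported text for the HTML context it is rendered in, so that a question title containing markup is displayed as text rather than interpreted. The following is an added example written for this page, not Opinio's code; html_escape(), render_question_title(), escape_fits() and the sample titles are assumptions.

```c
/* Added example, not ObjectPlanet code: contextual output encoding for
 * imported survey text, so that a question title such as
 * <script>alert(1)</script> is rendered as text, not executed. Function
 * names and the sample import records are assumptions for this illustration. */
#include <stdio.h>
#include <string.h>

/* Escape the characters that change meaning in HTML text and attribute values.
 * Returns bytes written (excluding the NUL), or -1 if `outsz` is too small. */
int html_escape(const char *in, char *out, size_t outsz) {
    size_t w = 0;
    if (outsz == 0) return -1;
    for (const char *p = in; *p; p++) {
        char one[2] = { *p, '\0' };
        const char *rep;
        switch (*p) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#x27;"; break;
        default:   rep = one;      break;
        }
        size_t rl = strlen(rep);
        if (w + rl >= outsz) return -1;          /* keep room for the terminator */
        memcpy(out + w, rep, rl);
        w += rl;
    }
    out[w] = '\0';
    return (int)w;
}

static char g_html[512];

/* Render an imported question title into the survey page. Only escaped text is
 * placed between the tags, so a title containing markup is shown, not executed.
 * Returns NULL if the escaped title does not fit. */
const char *render_question_title(const char *imported_title) {
    char esc[256];
    if (html_escape(imported_title, esc, sizeof esc) < 0) return NULL;
    snprintf(g_html, sizeof g_html, "<h2 class=\"q-title\">%s</h2>", esc);
    return g_html;
}

/* Helper for exercising the size guard: escape into a buffer of `outsz` bytes. */
int escape_fits(const char *in, size_t outsz) {
    char buf[64];
    if (outsz > sizeof buf) outsz = sizeof buf;
    return html_escape(in, buf, outsz);
}

int main(void) {
    /* Constructed import records: what an attacker would put in a question title. */
    const char *titles[] = {
        "How satisfied are you?",
        "<script>alert(document.cookie)</script>",
        "\"><img src=x onerror=alert(1)>",
    };
    for (size_t i = 0; i < sizeof titles / sizeof titles[0]; i++)
        printf("%s\n", render_question_title(titles[i]));
    return 0;
}
```

Escaping is applied at render time for the HTML text context; a title placed into a JavaScript string, a URL or an attribute without quotes needs a different encoder, and an allow-list on import (length, permitted characters) is a reasonable second layer but not a substitute for output encoding.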