CVE-2025-11786

High CVSS: 8.5

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword()' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf()' without any sanitisation or validation, and then executed using 'system()'. This allows an attacker to inject arbitrary shell commands that will be executed with the same privileges as the application.

Vendor

Circutor

Product

Sge-plc1000 Firmware

CWE

CWE-121

Yayın Tarihi

2025-12-02 13:15:50

Güncelleme

2025-12-03 19:13:02

Source Identifier

cve-coordination@incibe.es

KEV Date Added

Kategoriler

CWE-121 Sge-plc1000 Firmware HIGH Circutor 2025

Referanslar

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products-0

Benzer Kayıtlar

High

CVE-2025-11789

Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'DownloadFile' function converts a parame…

High

CVE-2025-11788

Heap-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowSupervisorParameters()' f…

High

CVE-2025-11785

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterPasswords()' functi…

High

CVE-2025-11787

Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS()',…

High

CVE-2025-11781

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded…

High

CVE-2025-11782

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload()' function uses “…