CVE-2025-11782

Circutor · SGE-PLC1000 and SGE-PLC50

A stack-based buffer overflow in the 'ShowDownload()' function allows unauthenticated attackers to overflow a 64-byte buffer via the 'meter' parameter.

Executive summary

A critical stack-based buffer overflow in Circutor SGE-PLC series devices allows unauthenticated attackers to overwrite memory, potentially leading to remote code execution.

Vulnerability

The 'ShowDownload()' function fails to perform length validation when formatting strings with user-supplied input from the 'meter' parameter. This allows an attacker to supply a string exceeding the 64-byte limit of the destination buffer ('acStack_4c'), resulting in a stack-based buffer overflow.
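The missing check, written out as an added example (this is not Circutor's firmware code): a formatting helper that rejects any 'meter' value that would not fit the 64-byte destination. The function names, the format string and the guard-byte harness are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DOWNLOAD_BUF_LEN 64   /* destination size given in the advisory */
#define GUARD_BYTE 0x5A       /* constructed canary value for the harness */

/* Unbounded pattern the advisory describes (shown only as a comment):
 *     char buf[DOWNLOAD_BUF_LEN];
 *     sprintf(buf, "/download/%s.csv", meter);   // writes past buf on long input
 */

/* Bounded replacement: format into dst and reject anything that would not fit.
 * Returns 0 on success, -1 on rejection (dst is left as an empty string). */
int format_meter_checked(char *dst, size_t dst_len, const char *meter)
{
    if (dst == NULL || dst_len == 0) return -1;
    dst[0] = '\0';
    if (meter == NULL) return -1;
    /* "/download/%s.csv" is a hypothetical format string, not the firmware's. */
    int n = snprintf(dst, dst_len, "/download/%s.csv", meter);
    if (n < 0 || (size_t)n >= dst_len) {   /* output was truncated: invalid input */
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Constructed input: a meter value made of meter_len 'A' bytes.
 * Returns 1 if accepted, 0 if rejected, -1 if bytes after the buffer changed. */
int try_meter_of_length(size_t meter_len)
{
    struct { char buf[DOWNLOAD_BUF_LEN]; unsigned char guard[8]; } frame;
    char meter[256];
    if (meter_len >= sizeof meter) return 0;
    memset(meter, 'A', meter_len);
    meter[meter_len] = '\0';
    memset(frame.guard, GUARD_BYTE, sizeof frame.guard);
    int rc = format_meter_checked(frame.buf, sizeof frame.buf, meter);
    for (size_t i = 0; i < sizeof frame.guard; i++)
        if (frame.guard[i] != GUARD_BYTE) return -1;
    return rc == 0 ? 1 : 0;
}

int main(void)
{
    printf("%d %d %d\n", try_meter_of_length(49), try_meter_of_length(50), try_meter_of_length(200));
    return 0;
}
```

With this format string the fixed text takes 14 bytes, so the longest accepted value is 49 bytes; rejecting on truncation rather than silently shortening keeps a clipped identifier from being processed as if it were valid.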

Business impact

This vulnerability is rated at 9.8 on the CVSS scale, indicating an extremely high risk to system security. Successful exploitation could result in the compromise of the device's control logic, potential loss of operational control, and unauthorized access to sensitive system information, causing severe operational disruption.

Remediation

Immediate Action: Apply the latest firmware update from Circutor to address the buffer overflow vulnerability in the 'ShowDownload()' function.

Proactive Monitoring: Monitor device access logs for malformed or unusually long request parameters that deviate from normal operational traffic.

Compensating Controls: Utilize network-level access controls to ensure that only authorized personnel can communicate with the device's management interface, thereby limiting the attack surface.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

The risk associated with this vulnerability is high due to the potential for remote code execution. Administrators should prioritize the application of vendor patches and ensure that compensating network controls are active until firmware updates are fully deployed.