CVE-2025-11783

Circutor · Circutor SGE-PLC1000, Circutor SGE-PLC50

Executive summary

A critical vulnerability has been identified in certain Circutor PLC devices, which are commonly used in industrial control systems. This flaw, a stack-based buffer overflow, allows a remote attacker to potentially execute arbitrary code by sending a specially crafted username, which could grant them full control over the affected device and disrupt physical processes.

Vulnerability

A stack-based buffer overflow vulnerability exists within the AddEvent() function of the device's software. The function copies user-supplied data from a username field into a fixed-size 48-byte buffer on the stack without performing any length validation. An unauthenticated remote attacker can exploit this by providing a username longer than 48 bytes, thereby overwriting adjacent memory on the stack, which can lead to memory corruption, denial of service, or arbitrary code execution.
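As an added illustration (constructed here, not Circutor's firmware code, which the advisory does not reproduce), the unchecked-copy pattern the advisory describes sits beside a length-validating form; the function names are assumptions, while the 48-byte buffer size is the one stated in the advisory.

```c
#include <stddef.h>
#include <string.h>

/* Size of the fixed stack buffer the advisory describes. */
#define USERNAME_BUF_LEN 48

/* Unchecked pattern (hypothetical reconstruction, not the vendor's code):
 * the username is copied into a fixed 48-byte stack buffer with no length
 * check, so any name of 48 bytes or more (terminator included) writes past
 * the end of buf and corrupts adjacent stack memory. */
void add_event_unchecked(const char *username) {
    char buf[USERNAME_BUF_LEN];
    strcpy(buf, username);      /* no bound: overflows when strlen(username) >= 48 */
    (void)buf;                  /* ... record the event using buf ... */
}

/* Hardened form: validate the length before copying and reject over-long
 * input instead of truncating it, so a long username is a rejected request,
 * not a stack write. Returns the accepted length, or -1 on rejection. */
int add_event_checked(const char *username) {
    char buf[USERNAME_BUF_LEN];
    const char *end;
    size_t n;

    if (username == NULL)
        return -1;
    /* Bound the scan itself: memchr never reads past USERNAME_BUF_LEN bytes,
     * so an unterminated or over-long input cannot run away either. */
    end = memchr(username, '\0', USERNAME_BUF_LEN);
    if (end == NULL)            /* no terminator within 48 bytes: does not fit */
        return -1;
    n = (size_t)(end - username);
    memcpy(buf, username, n + 1);   /* bounded copy, terminator included */
    (void)buf;                      /* ... record the event using buf ... */
    return (int)n;
}
```

The checked form accepts at most 47 characters plus the terminator; anything longer is refused before any copy touches the stack buffer.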

Business impact

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could allow an attacker to gain complete control over the affected Programmable Logic Controllers (PLCs). As these devices are integral to Industrial Control Systems (ICS) and Operational Technology (OT) environments, a compromise could lead to severe business consequences, including disruption of industrial processes, equipment damage, production downtime, and potential safety risks to personnel.

Remediation

Immediate Action: Update affected Circutor SGE-PLC1000 and SGE-PLC50 devices to the latest patched version provided by the vendor without delay. After applying the update, closely monitor the devices for any anomalous behavior and review system and access logs for any signs of attempted exploitation prior to the patch.

Proactive Monitoring: Implement enhanced monitoring of network traffic to and from the affected PLC devices. Specifically, look for authentication attempts or event logs containing unusually long usernames. Monitor for unexpected system crashes, reboots, or erratic behavior, which could be indicators of a successful or attempted exploit.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

  • Segment the network to isolate the affected PLCs from corporate IT networks and the internet.
  • Use a firewall or Access Control Lists (ACLs) to strictly limit network access to the devices to only authorized personnel and trusted systems.
  • Deploy an Intrusion Detection/Prevention System (IDS/IPS) with signatures capable of detecting buffer overflow attempts.

Exploitation status

Public exploit available: No

Analyst recommendation

Due to the critical CVSS score of 9.8 and the potential for complete system compromise in an OT environment, this vulnerability requires immediate attention. Organizations must prioritize applying the vendor-supplied patches to all affected Circutor devices. If patching must be delayed for operational reasons, the compensating controls listed above should be implemented immediately as a temporary risk mitigation measure until the update can be deployed.