CVE-2025-11785
Circutor · SGE-PLC1000 and SGE-PLC50
A stack-based buffer overflow in the 'ShowMeterPasswords()' function allows unauthenticated attackers to crash the application or execute arbitrary code via excessive input.
Executive summary
A critical stack-based buffer overflow in Circutor SGE-PLC series devices permits unauthenticated attackers to trigger memory corruption and potentially execute arbitrary code.
Vulnerability
The vulnerability exists within the 'ShowMeterPasswords()' function due to the lack of size validation when copying user-supplied input from the 'meter' parameter into a fixed-size stack buffer using 'sprintf()', which performs no bounds checking on the destination. An unauthenticated attacker can supply an excessively long 'meter' value to overrun the buffer.
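The pattern the advisory describes, as an added C example that is not Circutor's code: a hypothetical 'meter' identifier formatted into a fixed-size stack buffer with 'sprintf()', beside a hardened version that rejects oversized input up front and uses 'snprintf()' with its return value checked. The buffer size, the identifier limit and the label format are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LABEL_LEN    32   /* assumed size of the fixed stack buffer */
#define METER_ID_MAX 16   /* assumed maximum length of a valid meter identifier */

/* Vulnerable pattern (hypothetical, mirrors the advisory's description):
 * sprintf() writes the whole formatted string into 'label' and never looks at
 * the destination size, so a 'meter' longer than the buffer overwrites the stack. */
int format_meter_label_unsafe(const char *meter, char *label)
{
    return sprintf(label, "Meter: %s", meter);   /* no bound on 'meter' */
}

/* Hardened form: reject oversized input before formatting, then use snprintf()
 * with the real destination size and treat truncation as an error.
 * Returns 0 on success, -1 when the input is rejected or would not fit. */
int format_meter_label(const char *meter, char *label, size_t label_len)
{
    if (meter == NULL || label == NULL || label_len == 0)
        return -1;
    /* memchr bounds the scan: an identifier with no terminator inside
     * METER_ID_MAX + 1 bytes is oversized (or unterminated) and is rejected. */
    if (memchr(meter, '\0', METER_ID_MAX + 1) == NULL)
        return -1;
    int written = snprintf(label, label_len, "Meter: %s", meter);
    /* snprintf returns the length it wanted to write; >= label_len means the
     * output was truncated, and a negative value is an encoding error. */
    if (written < 0 || (size_t)written >= label_len) {
        label[0] = '\0';          /* do not leave a partial label behind */
        return -1;
    }
    return 0;
}

/* Exercises the hardened path against a stack buffer of LABEL_LEN bytes,
 * optionally pretending the buffer is smaller than it is.
 * Returns 1 when the input is accepted and formatted, 0 when rejected. */
int meter_label_accepts(const char *meter, size_t label_len)
{
    char label[LABEL_LEN];
    if (label_len > sizeof label)
        label_len = sizeof label;
    return format_meter_label(meter, label, label_len) == 0;
}
```

The length check before formatting is what closes the hole; the return-value check on 'snprintf()' is the second line of defence that turns silent truncation into a visible failure.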
Business impact
With a CVSS score of 9.8, this vulnerability represents a significant risk to the availability and security of the affected industrial control hardware. Successful exploitation can lead to a complete denial of service or remote code execution, enabling attackers to compromise the device, intercept sensitive password data, or pivot further into the industrial network.
Remediation
Immediate Action: Update the affected Circutor SGE-PLC1000/SGE-PLC50 firmware to the latest version provided by the manufacturer to remediate the buffer overflow.
Proactive Monitoring: Monitor system logs for repeated application crashes or abnormal memory utilization patterns that may indicate an ongoing exploitation attempt.
Compensating Controls: Deploy a Web Application Firewall (WAF) or Intrusion Prevention System (IPS) configured to inspect and block excessively long input strings directed at the device's web management interface.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
The severity of this memory corruption vulnerability warrants immediate remediation. Security teams must ensure that firmware updates are tested and deployed as soon as they become available to mitigate the risk of unauthorized access or device failure.