CVE-2025-11782
Circutor · SGE-PLC1000 and SGE-PLC50
A stack-based buffer overflow in the 'ShowDownload()' function allows unauthenticated attackers to overflow a 64-byte buffer via the 'meter' parameter.
Executive summary
A critical stack-based buffer overflow in Circutor SGE-PLC series devices allows unauthenticated attackers to overwrite memory, potentially leading to remote code execution.
Vulnerability
The 'ShowDownload()' function fails to perform length validation when formatting strings with user-supplied input from the 'meter' parameter. This allows an attacker to supply a string exceeding the 64-byte limit of the destination buffer ('acStack_4c'), resulting in a stack-based buffer overflow.
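The bug class described above, shown as an added example that is not Circutor's firmware code: an unbounded format into a 64-byte stack buffer next to a bounded, validating form. The function names, the format string and the allowed character set are assumptions made for illustration; only the 64-byte size and the 'meter' input come from the advisory.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 64  /* destination size given in the advisory */
#define FMT "download_%s.csv"  /* placeholder format (assumption) */
#define ALLOWED "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"

/* Unbounded pattern of the kind the advisory describes (hypothetical,
 * never called here): sprintf() copies however many bytes 'meter' holds,
 * so the write can run past the end of the 64-byte stack buffer. */
void show_download_unbounded(const char *meter) {
    char buf[BUF_LEN];
    sprintf(buf, FMT, meter);          /* no length validation */
    puts(buf);
}

/* Hardened form: allow-list the input, format with an explicit bound,
 * and treat truncation as a rejection rather than using a clipped value.
 * Returns 0 on success, -1 when the input is refused. */
int show_download_bounded(const char *meter, char *out, size_t outlen) {
    if (meter == NULL || out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    size_t n = strlen(meter);
    if (n == 0 || strspn(meter, ALLOWED) != n)   /* assumed id alphabet */
        return -1;
    int w = snprintf(out, outlen, FMT, meter);
    if (w < 0 || (size_t)w >= outlen) {          /* would not have fit */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void) {
    char buf[BUF_LEN];
    char longid[201];                            /* constructed oversized input */
    memset(longid, 'A', 200);
    longid[200] = '\0';
    printf("short id  -> %d (%s)\n", show_download_bounded("MTR-0012", buf, sizeof buf), buf);
    printf("200 bytes -> %d\n", show_download_bounded(longid, buf, sizeof buf));
    printf("traversal -> %d\n", show_download_bounded("../etc", buf, sizeof buf));
    return 0;
}
```

With this placeholder format, the longest accepted identifier is 50 bytes, because the fixed text and the terminating NUL take the remaining 14 bytes of the buffer.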
Business impact
This vulnerability is rated at 9.8 on the CVSS scale, indicating an extremely high risk to system security. Successful exploitation could result in the compromise of the device's control logic, potential loss of operational control, and unauthorized access to sensitive system information, causing severe operational disruption.
Remediation
Immediate Action: Apply the latest firmware update from Circutor to address the buffer overflow vulnerability in the 'ShowDownload()' function.
Proactive Monitoring: Monitor device access logs for malformed or unusually long request parameters that deviate from normal operational traffic.
Compensating Controls: Utilize network-level access controls to ensure that only authorized personnel can communicate with the device's management interface, thereby limiting the attack surface.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
The risk associated with this vulnerability is high due to the potential for remote code execution. Administrators should prioritize the application of vendor patches and ensure that compensating network controls are active until firmware updates are fully deployed.