CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-11781

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key (e.g., by analysing the firmware image or memory dump) and create valid firmware update packages. This bypasses all intended access controls and grants full administrative privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 4.1%

CVSS Severity

CVSS v3 Score 7.8

References

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products-0

Products affected by CVE-2025-11781

Circutor » Sge-Plc1000 » Version: N/A

cpe:2.3:h:circutor:sge-plc1000:-
Circutor » Sge-Plc50 » Version: N/A

cpe:2.3:h:circutor:sge-plc50:-
Circutor » Sge-Plc1000 Firmware » Version: 9.0.2

cpe:2.3:o:circutor:sge-plc1000_firmware:9.0.2
Circutor » Sge-Plc50 Firmware » Version: 9.0.2

cpe:2.3:o:circutor:sge-plc50_firmware:9.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-11781

Products

Pricing

Contact Us