CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-11782

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload()' function uses “sprintf()” to format a string that includes the user-controlled input of 'GetParameter(meter)' in the fixed-size buffer 'acStack_4c' (64 bytes) without checking the length. An attacker can provide an excessively long value for the 'meter' parameter that exceeds the 64-byte buffer size.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.0%

CVSS Severity

CVSS v3 Score 9.8

References

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products-0

Products affected by CVE-2025-11782

Circutor » Sge-Plc1000 » Version: N/A

cpe:2.3:h:circutor:sge-plc1000:-
Circutor » Sge-Plc50 » Version: N/A

cpe:2.3:h:circutor:sge-plc50:-
Circutor » Sge-Plc1000 Firmware » Version: 9.0.2

cpe:2.3:o:circutor:sge-plc1000_firmware:9.0.2
Circutor » Sge-Plc50 Firmware » Version: 9.0.2

cpe:2.3:o:circutor:sge-plc50_firmware:9.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-11782

Products

Pricing

Contact Us