CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-11786

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword()' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf()' without any sanitisation or validation, and then executed using 'system()'. This allows an attacker to inject arbitrary shell commands that will be executed with the same privileges as the application.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.0%

CVSS Severity

CVSS v3 Score 9.8

References

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products-0

Products affected by CVE-2025-11786

Circutor » Sge-Plc1000 » Version: N/A

cpe:2.3:h:circutor:sge-plc1000:-
Circutor » Sge-Plc50 » Version: N/A

cpe:2.3:h:circutor:sge-plc50:-
Circutor » Sge-Plc1000 Firmware » Version: 9.0.2

cpe:2.3:o:circutor:sge-plc1000_firmware:9.0.2
Circutor » Sge-Plc50 Firmware » Version: 9.0.2

cpe:2.3:o:circutor:sge-plc50_firmware:9.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-11786

Products

Pricing

Contact Us