exploitDog

CVE-2025-11781

Published: 02 Dec 2025
Source: nvd
CVSS3: 7.8
EPSS: Low

Description

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key (e.g., by analysing the firmware image or memory dump) and create valid firmware update packages. This bypasses all intended access controls and grants full administrative privileges.

Vulnerable configurations

Configuration 1

Simultaneously

cpe:2.3:o:circutor:sge-plc1000_firmware:9.0.2:*:*:*:*:*:*:*
cpe:2.3:h:circutor:sge-plc1000:-:*:*:*:*:*:*:*

Configuration 2

Simultaneously

cpe:2.3:o:circutor:sge-plc50_firmware:9.0.2:*:*:*:*:*:*:*
cpe:2.3:h:circutor:sge-plc50:-:*:*:*:*:*:*:*

EPSS

Percentile: 5%
0.00021
Low

7.8 High

CVSS3

Weaknesses

CWE-321

Related vulnerabilities

CVSS3: 7.8
github
2 months ago

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key (e.g., by analysing the firmware image or memory dump) and create valid firmware update packages. This bypasses all intended access controls and grants full administrative privileges.
