exploitDog

CVE-2025-11783

Опубликовано: 02 дек. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent()' function when copying the user-controlled username input to a fixed-size buffer (48 bytes) without boundary checking. This can lead to memory corruption, resulting in possible remote code execution.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products-0
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:circutor:sge-plc1000_firmware:9.0.2:*:*:*:*:*:*:*

cpe:2.3:h:circutor:sge-plc1000:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:circutor:sge-plc50_firmware:9.0.2:*:*:*:*:*:*:*

cpe:2.3:h:circutor:sge-plc50:-:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.0024

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-121

Связанные уязвимости

GHSA-pjhf-85h3-g8m3

CVSS3: 9.8

github

2 месяца назад

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent()' function when copying the user-controlled username input to a fixed-size buffer (48 bytes) without boundary checking. This can lead to memory corruption, resulting in possible remote code execution.

EPSS

Процентиль: 47%

0.0024

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-121