Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-11785

Опубликовано: 02 дек. 2025
Источник: nvd
CVSS3: 9.8
EPSS Низкий

Описание

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterPasswords()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:circutor:sge-plc1000_firmware:9.0.2:*:*:*:*:*:*:*
cpe:2.3:h:circutor:sge-plc1000:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:circutor:sge-plc50_firmware:9.0.2:*:*:*:*:*:*:*
cpe:2.3:h:circutor:sge-plc50:-:*:*:*:*:*:*:*

EPSS

Процентиль: 22%
0.00072
Низкий

9.8 Critical

CVSS3

Дефекты

CWE-121

Связанные уязвимости

github логотип

GHSA-xxqf-v7w5-p22h

CVSS3: 9.8
github
2 месяца назад

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterPasswords()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter.

EPSS

Процентиль: 22%
0.00072
Низкий

9.8 Critical

CVSS3

Дефекты

CWE-121
Уязвимость CVE-2025-11785