Circutor SGE-PLC1000/SGE-PLC50 Stack-Based Buffer Overflow Vulnerability Allowing Command Injection

Vulnerability

A stack-based buffer overflow has been identified in Circutor SGE-PLC1000 and SGE-PLC50 devices, both at version 9.0.2. The flaw is in the 'SetLan' function, which is invoked when a new configuration is applied via a management web request. The 'index.cgi' web application does not properly validate the length or content of the submitted parameters, so the same unsanitized input can potentially also lead to command injection.
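The two defects named above (a fixed-size stack buffer filled from a request parameter, and that parameter later reaching a command) have one shared mitigation: bound the copy and validate the value before it is used. The following is an added, hypothetical C handler written for this entry, not code from Circutor or from the device; the parameter names and the 64-byte buffer size are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Hypothetical hardened CGI parameter handler (added example, not Circutor code).
 * The fixed-size destination stands in for the stack buffer a handler like
 * SetLan would fill from an index.cgi request. */
#define LAN_PARAM_MAX 64   /* assumed buffer size */

enum lan_status { LAN_OK = 0, LAN_MISSING = 1, LAN_TOO_LONG = 2, LAN_BAD_CHAR = 3 };

/* Characters allowed in an address or hostname parameter; everything a shell
 * could interpret (';', '|', '`', '$', spaces, ...) is excluded. */
static int lan_char_ok(int c) {
    return isalnum(c) || c == '.' || c == '-' || c == '_';
}

/* Extract "name=value" from a CGI query string into dst (dst_len bytes).
 * Refuses, rather than truncates, a value that would not fit, and refuses
 * any value containing characters outside the allow-list. */
enum lan_status get_lan_param(const char *query, const char *name,
                              char *dst, size_t dst_len)
{
    size_t name_len = strlen(name);
    const char *p = query;
    while (p && *p) {
        if (strncmp(p, name, name_len) == 0 && p[name_len] == '=') {
            const char *v = p + name_len + 1;
            const char *end = strchr(v, '&');
            size_t vlen = end ? (size_t)(end - v) : strlen(v);
            if (vlen >= dst_len)               /* would overflow the buffer */
                return LAN_TOO_LONG;
            for (size_t i = 0; i < vlen; i++)
                if (!lan_char_ok((unsigned char)v[i]))
                    return LAN_BAD_CHAR;       /* possible injection attempt */
            memcpy(dst, v, vlen);
            dst[vlen] = '\0';
            return LAN_OK;
        }
        p = strchr(p, '&');                    /* skip to the next parameter */
        if (p) p++;
    }
    return LAN_MISSING;
}

int main(void) {
    char ip[LAN_PARAM_MAX];
    /* constructed sample request body, not a captured one */
    const char *body = "ip=192.168.1.10&mask=255.255.255.0";
    printf("status=%d ip=%s\n", get_lan_param(body, "ip", ip, sizeof ip), ip);
    return 0;
}
```

A handler that returns anything other than LAN_OK should reject the request and log it; the LAN_TOO_LONG and LAN_BAD_CHAR outcomes are also the conditions a reverse proxy or WAF in front of such a device can alert on.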

Impact

Exploitation of this vulnerability triggers a stack-based buffer overflow, which commonly leads to memory corruption and arbitrary code execution on the device.

Remediation

Circutor SGE-PLC1000 and SGE-PLC50 units were discontinued in 2015. Users are advised to update to the latest available version (2.0.4) or, at a minimum, to 2.0.0. For units replaced by the GEDE EDC, it is recommended to update to the latest version.

Added: Dec 2, 2025, 1:25 PM
Updated: Dec 2, 2025, 5:56 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 10.0
exploitability: 3.5
remediation: 0.0
relevance: 1.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.