Circutor SGE-PLC1000/SGE-PLC50 Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in Circutor SGE-PLC1000 and SGE-PLC50 devices, both running version 9.0.2. The vulnerability arises in the 'showMeterReport()' function, where user input for the 'meter' parameter is copied into a fixed-size buffer using 'sprintf()' without proper size validation. This flaw allows an attacker to send excessively large input, leading to memory corruption.

Impact

Exploitation of this vulnerability causes memory corruption, which can potentially be leveraged for remote code execution.

Remediation

Circutor SGE-PLC1000 and SGE-PLC50 units were discontinued in 2015 and replaced by the Compact DC, which became obsolete in November 2024. The current equivalent product is the GEDE EDC. For users with SGE-PLC1000 or SGE-PLC50 units, it is recommended to update to the latest available version (2.0.4) or, at a minimum, to 2.0.0. This not only addresses the identified vulnerabilities but also introduces new functionalities related to DLMS, the PRIME standard, STG protocols, and the REST API.