Circutor SGE-PLC1000/SGE-PLC50 Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in Circutor SGE-PLC1000 and SGE-PLC50 devices, both running version 9.0.2. The vulnerability arises in the 'ShowDownload()' function, where 'sprintf()' is used to format a string with user-controlled input from 'GetParameter(meter)'. This input is directed into a fixed-size buffer of 64 bytes, without any length validation. As a result, an attacker can exploit this flaw by sending an excessively long value for the 'meter' parameter, exceeding the buffer's capacity.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, causing memory corruption that could be exploited for arbitrary code execution.

Remediation

Circutor has discontinued the SGE-PLC1000 and SGE-PLC50 units, recommending users transition to the GEDE EDC product. For those still using the SGE-PLC1000 or SGE-PLC50, it is advised to update to the latest version 1.2.21.