Circutor SGE-PLC1000/SGE-PLC50 Stack-Based Buffer Overflow Vulnerability Allowing Remote Code Execution

Vulnerability

A stack-based buffer overflow vulnerability has been identified in Circutor SGE-PLC1000 and SGE-PLC50 devices, both running version 9.0.2. The vulnerability arises in the 'AddEvent()' function, where a user-controlled username is copied into a fixed-size 48-byte buffer without any length check. An over-long username therefore corrupts memory on the stack, which can potentially be leveraged for remote code execution.
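
The defect pattern described above, shown next to its hardened form. This is an added illustration, not Circutor firmware code: the function names add_event_unchecked and add_event_checked, the probe helper and the event line format are assumptions; only the 48-byte fixed buffer and the missing length check come from the advisory.

```c
/* Added illustration, not Circutor firmware code: the function names
 * add_event_unchecked / add_event_checked and the event line format are
 * assumptions. Only the 48-byte fixed buffer and the missing length check
 * come from the advisory. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define USERNAME_BUF 48   /* fixed-size stack buffer named in the advisory */

/* The defect pattern the advisory describes: a caller-supplied username is
 * copied into a fixed 48-byte stack buffer with no length check, so any
 * input of 48 bytes or more overwrites adjacent stack memory. */
void add_event_unchecked(const char *username)
{
    char name[USERNAME_BUF];
    strcpy(name, username);       /* unbounded copy: stack overflow on long input */
    printf("event: user=%s\n", name);
}

/* Hardened form: look for the terminator within the buffer size only, refuse
 * anything that does not fit with its NUL, and only then copy. Rejecting
 * rather than silently truncating keeps the audit record honest and the
 * buffer intact. Returns false when the event was not recorded. */
bool add_event_checked(const char *username)
{
    char name[USERNAME_BUF];
    const char *end = memchr(username, '\0', USERNAME_BUF);  /* never reads past 48 bytes */
    if (end == NULL)
        return false;             /* 48+ bytes: no room for the NUL, reject */
    size_t len = (size_t)(end - username);
    memcpy(name, username, len);
    name[len] = '\0';
    printf("event: user=%s\n", name);
    return true;
}

/* Boundary probe: build a username of n 'a' characters (constructed input)
 * and report whether the checked version accepts it. Callers can confirm
 * that 47 is accepted and 48 is the first rejected length. */
bool username_of_length_fits(size_t n)
{
    char probe[256];
    if (n >= sizeof probe)
        return false;             /* outside the probe range, treated as too long */
    memset(probe, 'a', n);
    probe[n] = '\0';
    return add_event_checked(probe);
}
```

The check in add_event_checked is the one a code reviewer or static analyser should flag as missing wherever fixed buffers receive caller-controlled strings; the same rejection-before-copy rule applies to any other fixed-size field on the same code path.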

Impact

Exploitation of this vulnerability can result in memory corruption, allowing for possible remote code execution on the affected device.

Remediation

Circutor SGE-PLC1000 and SGE-PLC50 units were discontinued in 2015. Users are advised to migrate to the current equivalent product, the GEDE EDC, and run its latest available version. For units that were replaced by the Compact DC, which became obsolete in November 2024, it is recommended to update to the latest version available.

Added: Dec 2, 2025, 1:22 PM
Updated: Dec 2, 2025, 5:53 PM

Vulnerability Rating

Custom Algorithm
  spread          0.3
  impact          7.5
  exploitability  4.9
  remediation     0.0
  relevance       1.2
  threat          0.0
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.