Circutor SGE-PLC1000/SGE-PLC50 Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in Circutor SGE-PLC1000 and SGE-PLC50 devices running version 9.0.2. The vulnerability arises in the 'ShowMeterDatabase()' function, where unlimited user input is copied to a fixed-size buffer using 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input without proper size validation, allowing an attacker to exploit this by providing excessively large input for the 'meter' parameter.

Impact

Exploitation of this vulnerability leads to memory corruption, which can be leveraged for arbitrary code execution on the device.

Remediation

Circutor SGE-PLC1000 and SGE-PLC50 units were discontinued in 2015. Users are advised to update to the latest available version of the current equivalent product, the GEDE EDC, which includes vulnerability mitigations and new functionalities. For units that were replaced by the Compact DC, which became obsolete in November 2024, it is recommended to update to the latest version available.