Circutor SGE-PLC1000/SGE-PLC50 Stack-Based Buffer Overflow Vulnerability

Vulnerability

A stack-based buffer overflow has been identified in Circutor SGE-PLC1000 and SGE-PLC50 devices, both running version 9.0.2. The flaw is in the 'ShowMeterPasswords()' function, where the value of the 'meter' parameter is formatted into a fixed-size stack buffer with 'sprintf()' and no check that the formatted result fits. Because 'sprintf()' writes as many bytes as the format and its arguments produce, an attacker who supplies an over-long 'meter' value writes past the end of the buffer and corrupts the stack.
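The pattern the advisory describes, shown beside a hardened form, as an added illustration that is not the device firmware and not Circutor's code. The buffer size (32 bytes), the format string ("meter=%s") and the function names are assumptions made for the example; the real values are not public. The vulnerable routine is kept for comparison and is only ever called with a short value, since calling it with a long one corrupts the stack. The footprint helper measures what 'sprintf()' would write without performing the write, so the missing check can be demonstrated safely:

```c
#include <stdio.h>
#include <string.h>

/* Assumed size of the fixed stack buffer; the real size in the firmware is not public. */
#define METER_BUF_LEN 32

/* Constructed over-long 'meter' value (64 bytes) standing in for attacker input. */
static const char LONG_METER[] =
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

/* Vulnerable pattern as the advisory describes it: the untrusted 'meter' value is
 * formatted straight into a fixed-size stack buffer with sprintf(), with no check
 * that the result fits. Illustration only: a long 'meter' overruns 'buf'. */
static void show_meter_passwords_vulnerable(const char *meter, char *out, size_t out_len)
{
    char buf[METER_BUF_LEN];
    sprintf(buf, "meter=%s", meter);   /* writes strlen(meter) + 7 bytes, unbounded */
    snprintf(out, out_len, "%s", buf);
}

/* Number of bytes the sprintf() above would write, including the NUL, measured
 * with a zero-length snprintf() so nothing is actually written. */
static size_t sprintf_footprint(const char *meter)
{
    int n = snprintf(NULL, 0, "meter=%s", meter);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* 1 if the vulnerable routine would overrun its buffer for this 'meter', else 0. */
static int vulnerable_would_overflow(const char *meter)
{
    return sprintf_footprint(meter) > METER_BUF_LEN;
}

/* Hardened form: bounded snprintf(), and the return value is checked so an input
 * that does not fit is rejected rather than silently truncated. Returns 0 on
 * success, -1 when the input is too long for 'buf' or the caller's 'out'. */
static int show_meter_passwords_safe(const char *meter, char *out, size_t out_len)
{
    char buf[METER_BUF_LEN];
    int n = snprintf(buf, sizeof buf, "meter=%s", meter);
    if (n < 0 || (size_t)n >= sizeof buf)
        return -1;                      /* would not fit: reject */
    if ((size_t)n + 1 > out_len)
        return -1;                      /* caller's buffer too small */
    memcpy(out, buf, (size_t)n + 1);
    return 0;
}

/* 1 when the hardened routine accepts 'meter' and produces exactly 'expected'. */
static int safe_output_matches(const char *meter, const char *expected)
{
    char out[64];
    if (show_meter_passwords_safe(meter, out, sizeof out) != 0)
        return 0;
    return strcmp(out, expected) == 0;
}

int main(void)
{
    char out[64];

    show_meter_passwords_vulnerable("0001", out, sizeof out);   /* short input: fits */
    printf("vulnerable, short input : %s (%zu bytes, overflow=%d)\n",
           out, sprintf_footprint("0001"), vulnerable_would_overflow("0001"));
    printf("vulnerable, long input  : %zu bytes needed for a %d-byte buffer, overflow=%d\n",
           sprintf_footprint(LONG_METER), METER_BUF_LEN, vulnerable_would_overflow(LONG_METER));

    printf("hardened, short input   : rc=%d\n", show_meter_passwords_safe("0001", out, sizeof out));
    printf("hardened, long input    : rc=%d (rejected)\n",
           show_meter_passwords_safe(LONG_METER, out, sizeof out));
    return 0;
}
```

The hardened version rejects rather than truncates because a silently truncated meter identifier could select the wrong meter; where truncation is acceptable, checking the 'snprintf()' return value is still required, since a return value of 'sizeof buf' or more means the output was cut.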

Impact

Exploitation corrupts the stack of the affected process. Because the overwritten data can include saved control-flow state, the potential consequence is remote code execution on the device.

Remediation

Circutor SGE-PLC1000 and SGE-PLC50 units were discontinued in 2015, so remediation is to move to a supported product. Users of the current equivalent product, the GEDE EDC, are advised to update to its latest available version (2.0.4). Units that were replaced by the Compact DC, itself obsolete since November 2024, should likewise be updated to the latest version available for it.

Added: Dec 2, 2025, 1:21 PM
Updated: Dec 2, 2025, 5:52 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 10.0
exploitability: 4.9
remediation: 0.0
relevance: 1.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.