Circutor SGE-PLC1000/SGE-PLC50 Stack-Based Buffer Overflow Vulnerability Allowing Command Injection

A stack-based buffer overflow vulnerability has been identified in Circutor SGE-PLC1000 and SGE-PLC50 devices, both running version 9.0.2. The vulnerability arises in the 'SetUserPassword()' function, where the 'newPassword' parameter is incorporated into a shell command string using 'sprintf()' without proper sanitization or validation, and subsequently executed via 'system()'. This flaw enables an attacker to inject arbitrary shell commands that are executed with the same privileges as the application.

Impact

Exploitation of this vulnerability allows for stack-based buffer overflow, leading to memory corruption and potential arbitrary code execution.

Remediation

Circutor SGE-PLC1000 and SGE-PLC50 units were discontinued in 2015. Users are advised to update to the latest available version of the current equivalent product, the GEDE EDC, which includes vulnerability mitigations and new functionalities. For units that were replaced by the Compact DC, which became obsolete in November 2024, the same recommendation applies.