Primary

Context

Circutor SGE-PLC1000/SGE-PLC50 Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in Circutor SGE-PLC1000 and SGE-PLC50 devices running version 9.0.2. This vulnerability arises in the operating system and can be exploited through the 'GetDNS()', 'CheckPing()', and 'TraceRoute()' functions.

Impact

Exploitation of this vulnerability allows for command injection on the operating system level, where an attacker can execute arbitrary commands with the same privileges as the application.

Remediation

Circutor SGE-PLC1000 and SGE-PLC50 units were discontinued in 2015. Users are advised to update to the latest available version (2.0.4) or, at a minimum, to 2.0.0. For units that have been replaced by the GEDE EDC, it is recommended to update to the latest version.

Added: Dec 2, 2025, 1:20 PM

Updated: Dec 2, 2025, 5:51 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

4.9

remediation

0.0

relevance

1.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

4.9

remediation

0.0

relevance

1.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Circutor SGE-PLC1000/SGE-PLC50 Command Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Circutor SGE-PLC1000

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating