CVE-2025-11781

Published: Dec 2, 2025Modified: Dec 3, 2025

8.6

Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: cve-coordination@incibe.es (Secondary)

Description

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key (e.g., by analysing the firmware image or memory dump) and create valid firmware update packages. This bypasses all intended access controls and grants full administrative privileges.

Affected (2)

Products: Circutor: Sge Plc1000 Firmware, Sge Plc50 Firmware

Circutor

2 products

Sge Plc1000 Firmware

Sge Plc50 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Circutor Sge Plc1000 Firmware	Version 9.0.2

Running on/with	Platform Versions
Circutor Sge Plc1000	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Circutor Sge Plc50 Firmware	Version 9.0.2

Running on/with	Platform Versions
Circutor Sge Plc50	All versions

Related CWEs

CWE-321

Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

References (1)

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products-0

Source: cve-coordination@incibe.es

Third Party Advisory

Timeline

No history available yet.