CVE-2025-11786

Published: Dec 2, 2025Modified: Dec 3, 2025

8.5

Vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: cve-coordination@incibe.es (Secondary)

Description

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword()' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf()' without any sanitisation or validation, and then executed using 'system()'. This allows an attacker to inject arbitrary shell commands that will be executed with the same privileges as the application.

Affected (2)

Products: Circutor: Sge Plc1000 Firmware, Sge Plc50 Firmware

Circutor

2 products

Sge Plc1000 Firmware

Sge Plc50 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Circutor Sge Plc1000 Firmware	Version 9.0.2

Running on/with	Platform Versions
Circutor Sge Plc1000	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Circutor Sge Plc50 Firmware	Version 9.0.2

Running on/with	Platform Versions
Circutor Sge Plc50	All versions

Related CWEs

CWE-121

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References (1)

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products-0

Source: cve-coordination@incibe.es

Third Party Advisory

Timeline

No history available yet.