彙總 circutor 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 緩衝區溢位與輸入驗證問題,在 軟體部署與生產負載 使用場景中可能帶來 應用程式崩潰、記憶體損壞與異常行為 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2025-11789 | Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'DownloadFile' function converts a parameter to an integer using 'atoi()' and then uses it as an index in the 'FilesDownload' array with '(&FilesDownload)[iVar2]'. If the parameter is too large, it will access memory beyond the limits. | [email protected] | 7.1 | 0.22% | 2025-12-02 | 2026-06-17 |
| CVE-2025-11788 | Heap-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowSupervisorParameters()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter. | [email protected] | 8.5 | 0.27% | 2025-12-02 | 2026-06-17 |
| CVE-2025-11787 | Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS()', 'CheckPing()' and 'TraceRoute()' functions. | [email protected] | 8.5 | 0.88% | 2025-12-02 | 2026-06-17 |
| CVE-2025-11786 | Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword()' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf()' without any sanitisation or validation, and then executed using 'system()'. This allows an attacker to inject arbitrary shell commands that will be executed with the same privileges as the application. | [email protected] | 8.5 | 0.33% | 2025-12-02 | 2026-06-17 |
| CVE-2025-11785 | Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterPasswords()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter. | [email protected] | 8.5 | 0.33% | 2025-12-02 | 2026-06-17 |
| CVE-2025-11784 | Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterDatabase()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter. | [email protected] | 8.5 | 0.33% | 2025-12-02 | 2026-06-17 |
| CVE-2025-11783 | Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent()' function when copying the user-controlled username input to a fixed-size buffer (48 bytes) without boundary checking. This can lead to memory corruption, resulting in possible remote code execution. | [email protected] | 8.5 | 0.51% | 2025-12-02 | 2026-06-17 |
| CVE-2025-11782 | Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload()' function uses “sprintf()” to format a string that includes the user-controlled input of 'GetParameter(meter)' in the fixed-size buffer 'acStack_4c' (64 bytes) without checking the length. An attacker can provide an excessively long value for the 'meter' parameter that exceeds the 64-byte buffer size. | [email protected] | 8.5 | 0.33% | 2025-12-02 | 2026-06-17 |
| CVE-2025-11781 | Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key (e.g., by analysing the firmware image or memory dump) and create valid firmware update packages. This bypasses all intended access controls and grants full administrative privileges. | [email protected] | 8.6 | 0.12% | 2025-12-02 | 2026-06-17 |
| CVE-2025-11780 | Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the “meter” parameter. | [email protected] | 8.7 | 0.27% | 2025-12-02 | 2026-06-17 |
| CVE-2025-11779 | Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi' web application. The parameters are not being sanitised, which could lead to command injection. | [email protected] | 9.4 | 1.27% | 2025-12-02 | 2026-06-17 |
| CVE-2025-11778 | Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50 v0.9.2. This vulnerability allows an attacker to remotely exploit memory corruption through the 'read_packet()' function of the TACACSPLUS implementation. | [email protected] | 10.0 | 0.29% | 2025-12-02 | 2026-06-17 |
| CVE-2025-64389 | The web server of the device performs exchanges of sensitive information in clear text through an insecure protocol. | 50b5080a-775f-442e-83b5-926b5ca517b6 | 8.3 | 0.20% | 2025-10-31 | 2026-06-17 |
| CVE-2025-64388 | Denial of service of the web server through specific requests to this protocol | 50b5080a-775f-442e-83b5-926b5ca517b6 | 9.2 | 0.30% | 2025-10-31 | 2026-06-17 |
| CVE-2025-64387 | The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. This deception can range from making the victim click on a button to making them enter their login credentials in a form that, a priori, appears legitimate. | 50b5080a-775f-442e-83b5-926b5ca517b6 | 5.1 | 0.32% | 2025-10-31 | 2026-06-17 |
| CVE-2025-64385 | The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has been observed that any aspect of the initial configuration can be changed by means of the device's MAC without the need for authentication. | 50b5080a-775f-442e-83b5-926b5ca517b6 | 9.2 | 0.46% | 2025-10-31 | 2026-06-17 |
| CVE-2025-64386 | The equipment grants a JWT token for each connection in the timeline, but during an active valid session, a hijacking of the token can be done. This will allow an attacker with the token modify parameters of security, access or even steal the session without the legitimate and active session detecting it. The web server allows the attacker to reuse an old session JWT token while the legitimate session is active. | 50b5080a-775f-442e-83b5-926b5ca517b6 | 7.7 | 0.29% | 2025-10-31 | 2026-06-17 |
| CVE-2024-8891 | An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4. | [email protected] | 5.3 | 0.30% | 2024-09-18 | 2026-06-17 |
| CVE-2024-8892 | Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. This equipment is at the end of its useful life cycle. | [email protected] | 5.3 | 0.34% | 2024-09-18 | 2026-06-17 |
| CVE-2024-8890 | An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure communication channel from being established. | [email protected] | 8.0 | 0.38% | 2024-09-18 | 2026-06-17 |