CVE-2025-11780

Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2

Description A stack-based buffer overflow exists due to insufficient input validation. The GetParameter(meter) function retrieves user-supplied input, specifically the meter parameter, and copies it into a fixed-size buffer without proper size checks. The showMeterReport() function then utilizes sprintf() to copy this input, potentially leading to a buffer overflow if the input exceeds the buffer's capacity. This condition arises from unlimited user input being copied to a fixed-size buffer.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict the size of the input accepted by the GetParameter(meter) function. Avoid providing excessively large values for the meter parameter.