CVE-2025-11782

Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2

Description A stack-based buffer overflow exists in the software due to insufficient bounds checking when handling user-supplied input. The ShowDownload() function utilizes sprintf() to format a string, incorporating the GetParameter(meter) input into a fixed-size buffer, acStack 4c, which is 64 bytes in length. An attacker can exploit this by providing a value for the meter parameter that exceeds the buffer's capacity, leading to a potential overflow. The vulnerable parameter is meter.

Recommendations Versions prior to 9.0.2 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.