CVE-2025-11783

Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2

Description A stack-based buffer overflow exists in the AddEvent() function when handling user-supplied usernames. The issue occurs because the function copies the username input to a fixed-size buffer of 48 bytes without proper boundary checks. This can cause memory corruption and potentially allow for remote code execution.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the length of the username input to less than 48 bytes.