PT-2025-48675 · Circutor · Circutor Sge-Plc1000/Sge-Plc50

Published 2025-12-02 · Updated 2025-12-30 · CVE-2025-11785

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2

Description

A stack-based buffer overflow exists due to insufficient input validation. The GetParameter(meter) function retrieves user-supplied input, specifically the meter parameter, and copies it into a fixed-size buffer using sprintf() without proper size checks. The ShowMeterPasswords() function is also implicated in this issue. An attacker can exploit this by providing an excessively large input for the meter parameter, leading to a buffer overflow.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict the size of the input accepted by the meter parameter in the GetParameter() function. Disable the ShowMeterPasswords() function until a patch is available.
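The size restriction recommended above, shown as an added example that is not Circutor's firmware code: an unbounded sprintf() into a fixed stack buffer next to a length-checked snprintf() form. The names build_query_unsafe, build_query_checked, METER_MAX and QUERY_BUF, the buffer sizes and the "meter=%s" format are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define METER_MAX 32   /* assumed upper bound for a meter identifier */
#define QUERY_BUF 64   /* assumed size of the fixed-size buffer */

/* Pattern the advisory describes: the length of `meter` is never checked,
 * so a value longer than the buffer overwrites adjacent stack memory. */
void build_query_unsafe(const char *meter)
{
    char buf[QUERY_BUF];
    sprintf(buf, "meter=%s", meter);   /* unbounded copy */
    (void)buf;
}

/* Hardened form: reject oversized input before formatting, bound the
 * write to the destination size, and treat truncation as an error.
 * Returns 0 on success, -1 if the input is rejected. */
int build_query_checked(char *dst, size_t dstsz, const char *meter)
{
    size_t len = 0;
    int n;

    if (dst == NULL || dstsz == 0 || meter == NULL)
        return -1;
    dst[0] = '\0';

    /* Bounded scan: reads at most METER_MAX + 1 bytes of the input. */
    while (len <= METER_MAX && meter[len] != '\0')
        len++;
    if (len == 0 || len > METER_MAX)
        return -1;

    n = snprintf(dst, dstsz, "meter=%s", meter);
    if (n < 0 || (size_t)n >= dstsz) {   /* output did not fit */
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char out[QUERY_BUF];
    /* Constructed sample input, not taken from a real device. */
    printf("%d %s\n", build_query_checked(out, sizeof out, "MTR-0001"), out);
    return 0;
}
```
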

Fix

Stack Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-11785

Affected Products

Circutor Sge-Plc1000/Sge-Plc50