CVE-2025-11788

Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2

Description A heap-based buffer overflow exists in the software due to insufficient input validation. The ShowSupervisorParameters() function copies user-supplied data to a fixed-size buffer using sprintf(). The GetParameter(meter) function retrieves user input, specifically the meter parameter, and incorporates it into a buffer without proper size checks. An attacker can exploit this by providing an oversized input for the meter parameter, leading to a buffer overflow.

Recommendations Update to a newer version that contains a fix for this vulnerability.