{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11783", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "state": "PUBLISHED", "assignerShortName": "INCIBE", "dateReserved": "2025-10-15T12:06:12.926Z", "datePublished": "2025-12-02T13:01:04.236Z", "dateUpdated": "2025-12-02T14:00:14.603Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Circutor", "vendor": "SGE-PLC1000 SGE-PLC50", "versions": [{"status": "affected", "version": "9.0.2"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sge-plc1000_sge-plc50:circutor:9.0.2:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "Gabriel Gonzalez and Sergio Ruiz"}], "datePublic": "2025-10-28T11:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent()' function when copying the user-controlled username input to a fixed-size buffer (48 bytes) without boundary checking. This can lead to memory corruption, resulting in possible remote code execution."}], "value": "Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent()' function when copying the user-controlled username input to a fixed-size buffer (48 bytes) without boundary checking. This can lead to memory corruption, resulting in possible remote code execution."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 8.5, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2025-12-02T13:01:04.236Z"}, "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products-0"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The SGE-PLC100 and SGE-PLC50 units were discontinued in 2015. They were replaced by the Compact DC, which in turn became obsolete in November 2024. The current equivalent product is the GEDE EDC. The oldest version currently installed is 1.0.14, as it was the first to be compatible with the existing tariff system, while the latest version of these units is 1.2.21. Circutor recommends not extending the useful life of the SGE-PLC100 and SGE-PLC50 concentrators without keeping them updated. For both the Compact DC units (which replaced the SGE series) and the current GEDE EDC, it is recommended to update to the latest available version (2.0.4) or, at a minimum, to 2.0.0. This approach not only mitigates the identified vulnerabilities, but also provides new functionalities derived from the evolution of DLMS, the PRIME standard, STG protocols and the REST API."}], "value": "The SGE-PLC100 and SGE-PLC50 units were discontinued in 2015. They were replaced by the Compact DC, which in turn became obsolete in November 2024. The current equivalent product is the GEDE EDC. The oldest version currently installed is 1.0.14, as it was the first to be compatible with the existing tariff system, while the latest version of these units is 1.2.21. Circutor recommends not extending the useful life of the SGE-PLC100 and SGE-PLC50 concentrators without keeping them updated. For both the Compact DC units (which replaced the SGE series) and the current GEDE EDC, it is recommended to update to the latest available version (2.0.4) or, at a minimum, to 2.0.0. This approach not only mitigates the identified vulnerabilities, but also provides new functionalities derived from the evolution of DLMS, the PRIME standard, STG protocols and the REST API."}], "source": {"discovery": "EXTERNAL"}, "tags": ["unsupported-when-assigned"], "title": "Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-02T14:00:05.778352Z", "id": "CVE-2025-11783", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-02T14:00:14.603Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11783", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-02T14:00:05.778352Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-02T14:00:10.983Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "title": "Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Gabriel Gonzalez and Sergio Ruiz"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SGE-PLC1000 SGE-PLC50", "product": "Circutor", "versions": [{"status": "affected", "version": "9.0.2"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The SGE-PLC100 and SGE-PLC50 units were discontinued in 2015. They were replaced by the Compact DC, which in turn became obsolete in November 2024. The current equivalent product is the GEDE EDC. The oldest version currently installed is 1.0.14, as it was the first to be compatible with the existing tariff system, while the latest version of these units is 1.2.21. Circutor recommends not extending the useful life of the SGE-PLC100 and SGE-PLC50 concentrators without keeping them updated. For both the Compact DC units (which replaced the SGE series) and the current GEDE EDC, it is recommended to update to the latest available version (2.0.4) or, at a minimum, to 2.0.0. This approach not only mitigates the identified vulnerabilities, but also provides new functionalities derived from the evolution of DLMS, the PRIME standard, STG protocols and the REST API.", "supportingMedia": [{"type": "text/html", "value": "The SGE-PLC100 and SGE-PLC50 units were discontinued in 2015. They were replaced by the Compact DC, which in turn became obsolete in November 2024. The current equivalent product is the GEDE EDC. The oldest version currently installed is 1.0.14, as it was the first to be compatible with the existing tariff system, while the latest version of these units is 1.2.21. Circutor recommends not extending the useful life of the SGE-PLC100 and SGE-PLC50 concentrators without keeping them updated. For both the Compact DC units (which replaced the SGE series) and the current GEDE EDC, it is recommended to update to the latest available version (2.0.4) or, at a minimum, to 2.0.0. This approach not only mitigates the identified vulnerabilities, but also provides new functionalities derived from the evolution of DLMS, the PRIME standard, STG protocols and the REST API.", "base64": false}]}], "datePublic": "2025-10-28T11:00:00.000Z", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products-0"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent()' function when copying the user-controlled username input to a fixed-size buffer (48 bytes) without boundary checking. This can lead to memory corruption, resulting in possible remote code execution.", "supportingMedia": [{"type": "text/html", "value": "Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent()' function when copying the user-controlled username input to a fixed-size buffer (48 bytes) without boundary checking. This can lead to memory corruption, resulting in possible remote code execution.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sge-plc1000_sge-plc50:circutor:9.0.2:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2025-12-02T13:01:04.236Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11783", "state": "PUBLISHED", "dateUpdated": "2025-12-02T14:00:14.603Z", "dateReserved": "2025-10-15T12:06:12.926Z", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "datePublished": "2025-12-02T13:01:04.236Z", "assignerShortName": "INCIBE"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:circutor:sge-plc1000_firmware:9.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3FC715A9-6F95-4795-B3B1-1BFAF88ACCE9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:circutor:sge-plc1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFF41215-1018-42DD-9A7E-BBC2E5B4522D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:circutor:sge-plc50_firmware:9.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "203C8B5E-582A-4680-B324-B9092F01462B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:circutor:sge-plc50:-:*:*:*:*:*:*:*", "matchCriteriaId": "447D1571-5329-422D-8E31-F4964E412FC3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [{"sourceIdentifier": "cve-coordination@incibe.es", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent()' function when copying the user-controlled username input to a fixed-size buffer (48 bytes) without boundary checking. This can lead to memory corruption, resulting in possible remote code execution."}], "id": "CVE-2025-11783", "lastModified": "2025-12-03T19:12:12.603", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cve-coordination@incibe.es", "type": "Secondary"}]}, "published": "2025-12-02T13:15:49.720", "references": [{"source": "cve-coordination@incibe.es", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products-0"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "cve-coordination@incibe.es", "type": "Primary"}]}

{}