CVE-2025-11789
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-02

Last updated on: 2025-12-03

Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)

Description
Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'DownloadFile' function converts a parameter to an integer using 'atoi()' and then uses it as an index in the 'FilesDownload' array with '(&FilesDownload)[iVar2]'. If the parameter is too large, it will access memory beyond the limits.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-02
Last Modified
2025-12-03
Generated
2026-06-16
AI Q&A
2025-12-02
EPSS Evaluated
2026-06-14
NVD
CVE-2025-11789
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
circutor sge-plc1000_firmware 9.0.2
circutor sge-plc1000 *
circutor sge-plc50_firmware 9.0.2
circutor sge-plc50 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an out-of-bounds read in Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2. It occurs in the 'DownloadFile' function, where a parameter is converted to an integer using 'atoi()' and then used as an index to access the 'FilesDownload' array. If the parameter value is too large, it causes the program to read memory beyond the array's limits, potentially leading to unexpected behavior or information disclosure.

Impact Analysis

The out-of-bounds read can lead to unauthorized access to memory areas beyond the intended array, which may result in information disclosure or cause the device to behave unpredictably. This can compromise the security and reliability of the affected Circutor devices, potentially impacting the management of electricity networks that rely on these devices.

Mitigation Strategies

The affected Circutor SGE-PLC1000/SGE-PLC50 devices are discontinued since 2015 and have been replaced by newer models. It is recommended to update the firmware to version 2.0.0 or later to mitigate this and related vulnerabilities. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11789. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart