Vulnerabilities

CVE-2025-11789

by Fred · 02/12/2025

Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The ‘DownloadFile’ function converts a parameter to an integer using ‘atoi()’ and then uses it as an index in the ‘FilesDownload’ array with ‘(&FilesDownload)[iVar2]’. If the parameter is too large, it will access memory beyond the limits.

More information : https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products-0

Similar

Tags: Cybersecurity Alert