Circutor Sge-plc1000 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Circutor Sge-plc1000 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2021-33841 — CVSS 10.0 (critical): SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into…
CVE-2025-11778 — CVSS 9.8 (critical): Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50 v0.9.2. This vulnerability allows an attacker to remotely exploit memory…
CVE-2025-11779 — CVSS 9.8 (critical): Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new…
CVE-2025-11780 — CVSS 9.8 (critical): Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport()' function, there is an…
CVE-2025-11783 — CVSS 9.8 (critical): Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent()' function…
CVE-2025-11784 — CVSS 9.8 (critical): Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterDatabase()' function, there is an…
CVE-2025-11785 — CVSS 9.8 (critical): Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterPasswords()' function, there is an…
CVE-2025-11786 — CVSS 9.8 (critical): Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword()' function, the 'newPassword'…
CVE-2025-11788 — CVSS 9.8 (critical): Heap-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowSupervisorParameters()' function, there is…
CVE-2025-11782 — CVSS 9.8 (critical): Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload()' function uses “sprintf()” to…
CVE-2025-11787 — CVSS 8.8 (high): Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS()', 'CheckPing()' and…
CVE-2021-33842 — CVSS 8.8 (high): Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform…
CVE-2025-11781 — CVSS 7.8 (high): Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static…
CVE-2025-11789 — CVSS 7.5 (high): Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'DownloadFile' function converts a parameter to an integer…