2025-12-02 13:00:48
INCIBE
PUBLISHED
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The ShowDownload() function uses “sprintf()” to format a string that includes the user-controlled input of GetParameter(meter) in the fixed-size buffer acStack_4c (64 bytes) without checking the length. An attacker can provide an excessively long value for the meter parameter that exceeds the 64-byte buffer size.