CNNVD-202512-243 Information
Dec 02, 2025
cve
CNNVD ID
CNNVD-202512-243
Related CVE
- CNNVD Published: 2025-12-02
Description (Chinese)
CIRCUTOR SGE-PLC1000和CIRCUTOR SGE-PLC50都是西班牙CIRCUTOR公司的一个网络集中器。 CIRCUTOR SGE-PLC1000和CIRCUTOR SGE-PLC50 v9.0.2版本存在缓冲区错误漏洞,该漏洞源于DownloadFile函数未验证参数范围,可能导致越界读取。
Description (English)
CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 are all network centralists of the Spanish company CIRCUTOR. CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 v9.0.2 have an error loophole in the buffer zone, which stems from the fact that the DownloadFile function does not verify the range of parameters, which may lead to cross-border reading.
Hazard Level
High
Vulnerability Type
缓冲区错误
Affected Vendor
CIRCUTOR
Published
2025-12-02
Last Modified
2026-02-24
References
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products-0