CNNVD-202512-246 Information
Dec 02, 2025
cve
CNNVD ID
CNNVD-202512-246
Related CVE
- CNNVD Published: 2025-12-02
Description (Chinese)
CIRCUTOR SGE-PLC1000和CIRCUTOR SGE-PLC50都是西班牙CIRCUTOR公司的一个网络集中器。 CIRCUTOR SGE-PLC1000和CIRCUTOR SGE-PLC50 v9.0.2版本存在安全漏洞,该漏洞源于SetUserPassword函数未清理newPassword参数,可能导致命令注入。
Description (English)
CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 are all network centralists of the Spanish company CIRCUTOR. CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 v9.02 have a security loophole, which stems from the fact that the SetUserPassword function does not clear the NewPassword parameter, which may lead to the injection of the command.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
CIRCUTOR
Published
2025-12-02
Last Modified
2026-02-24
References
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products-0