ГлавнаяУязвимости → CVE-2025-11781
7.8высокая

CVE-2025-11781

Описание

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key (e.g., by analysing the firmware image or memory dump) and create valid firmware update packages. This bypasses all intended access controls and grants full administrative privileges.

Затрагиваемое ПО
Circutor Sge-plc1000 firmwareCircutor Sge-plc1000Circutor Sge-plc50 firmwareCircutor Sge-plc50
CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products-0