CVE-2025-11787
Published: 02 December 2025
Description
Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS()', 'CheckPing()' and 'TraceRoute()' functions.
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents command injection in GetDNS(), CheckPing(), and TraceRoute() by validating and sanitizing untrusted inputs before processing.
Remediates the specific command injection flaw in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through timely patching or vendor-recommended fixes.
Minimizes exposure to the vulnerable diagnostic functions by restricting the PLC OS to least functionality required for operations.
Security SummaryAI
CVE-2025-11787 is a command injection vulnerability (CWE-78) in the operating system of Circutor SGE-PLC1000 and SGE-PLC50 devices running version 9.0.2. The issue affects the 'GetDNS()', 'CheckPing()', and 'TraceRoute()' functions, enabling attackers to inject and execute arbitrary operating system commands. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-12-02T13:15:50.730.
Attackers with low privileges can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Exploitation grants high-impact access to confidentiality, integrity, and availability, potentially allowing full system compromise through arbitrary command execution on the affected PLC devices.
The INCIBE-CERT advisory (https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products-0) addresses multiple vulnerabilities in Circutor products, including CVE-2025-11787, and provides details on affected systems for security practitioners to review for mitigation steps.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection in network-exposed functions (GetDNS, CheckPing, TraceRoute) enables arbitrary OS command execution (T1059) via exploitation of a remote service (T1210).