Description
Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_confirm
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/circutor-sge-plc1000-improper-authentication
Scores
CVSS v3
8.8
EPSS
0.0043
EPSS Percentile
33.9%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-565
Status
published
Products (1)
circutor/sge-plc1000_firmware
0.9.2b
Published
Jun 09, 2021
Tracked Since
Feb 18, 2026