Category: ADVISORIES

ADVISORIES, INSIGHTS | January 26, 2026

IOActive Security Advisory | CIRCUTOR – SGE-PLC1000/SGE-PLC50 v 0.9.2 / ServicePack 140411

By Gabriel Gonzalez & Sergio Ruiz

The attached advisory details multiple critical and high-severity vulnerabilities discovered in the CIRCUTOR SGE-PLC1000 and SGE-PLC50 industrial control devices. Researchers identified a wide range of security issues, including buffer overflows, command injection flaws, hardcoded authentication keys, and memory corruption vulnerabilities that could allow attackers to execute arbitrary code, gain administrative access, or disrupt device operations remotely. Several of the findings stem from unsafe handling of user-supplied input and insecure use of functions such as sprintf() and system(). The report emphasizes the potential impact on industrial environments and recommends implementing stronger input validation, safer memory handling practices, and more secure authentication mechanisms to reduce the overall attack surface.

Affected Product

  • CIRCUTOR – SGE-PLC1000/SGE-PLC50 v 0.9.2 / ServicePack 140411

TitleCIRCUTOR SGE PLC1000/PLC50
Severity1 Critical, 10 High, 3 medium
Discovered byGabriel Gonzalez / Sergio Ruiz
Advisory DateJanuary 26, 2026

Timeline

  • 2025-03-14: Vulnerabilities identified, disclosure process begins.
  • 2025-09-30: INCIBE gets ahold of the client to fix vulnerabilities
  • 2025-10-28: INCIBE coordinates disclosure: https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products-0

Download Full Advisory
ADVISORIES | August 7, 2024

IOActive Security Advisory | PLANET Networking – Vulnerabilities Identified

By Daniel Martinez

Affected Product

  • IGS-4215-16T2S

Firmware Version

  • 1.305b210528

Background

IOActive had the chance to access the IGS-4215-16T2S device. IOActive identified three vulnerabilities which need attention.

Timeline

  • 2022-09-29: IOActive discovers the vulnerabilities
  • 2023-03-29: IOActive informs Planet Technology about the identified vulnerabilities
  • 2023-12-13: Planet released a new firmware version (1.305b231218) informing IOActive that the vulnerabilities are fixed
  • 2024-01-09: IOActive notifies the vulnerability to INCIBE, Spanish CERT
  • 2024-02-16: IOActive confirm that the vulnerabilities were fixed after retesting them in the new firmware version
  • 2024-03-21: INCIBE shared the CVEs assigned with IOActive
  • 2024-08-07: IOActive advisory published
  • NOTE : While publishing this disclosure, IOActive had retested version FW-IGS-4215-16T2S_v1.305b231218.bix with hash 6e4ea892dc0d203c83ff02a2cba13e83. This version had the fixes. PLANET Technology published a firmware FW-IGS-4215-16T2S_v1.305b240227.bix with the hash abe64b8a62ebf339fb404fd85c0081b. They had informed that the findings have been fixed in this version. IOActive has not reviewed this firmware.
Read The Full Advisory
ADVISORIES | July 25, 2024

IOActive Security Advisory | Fortinet FortiGate – Cross-site Scripting in SSL VPN

By Jamie Riden

Affected Products

VersionAffected
FortiOS 7.47.4.0 through 7.4.3
FortiOS 7.27.2.0 through 7.2.7
FortiOS 7.07.0.0 through 7.0.13
FortiOS 6.46.4 all versions
FortiProxy 7.47.4.0 through 7.4.3
FortiProxy 7.27.2.0 through 7.2.9
FortiProxy 7.07.0.0 through 7.0.16


Background

Fortinet, Inc. (Fortinet) is a global leader of cybersecurity solutions and services that provides protection against cyber threats. It is a company that develops and sells security products and solutions, such as firewalls, endpoint security, intrusion prevention systems, web filtering, antivirus, sandbox, and VPN.

FortiGate is a network security device that provides protection against cyber threats. The device can perform various functions, such as, firewall, intrusion prevention system, web content filtering, antivirus, sandbox and VPN and is part of the Fortinet Security Fabric, which integrates different security products and services into a unified and automated platform.


Timeline

  • 2023-11-16: IOActive discovers the vulnerability
  • 2023-11-22: IOActive informs Fortinet about the identified vulnerability
  • 2024-01-12: Fortinet acknowledges the issue
  • 2024-04-26: CVE ID pre-reserved by Fortinet
  • 2024-07-10: Advisory published by Fortinet
  • 2024-07-25: IOActive advisory published
ADVISORIES | June 21, 2024

IOActive Security Advisory | MásMóvil Comtrend Router –  Multiple Vulnerabilities

By Gabriel Gonzalez

Affected Products

  1. MásMóvil Comtrend Router – Version: ES_WLD71-T1_v2.0.201820
    1. HW Version: GRG-4280us
    1. FW Version: QR51S404
    1. SW Version: MMV-C04_R10

Timeline

  • 2023-08-24: IOActive discovers vulnerability
  • 2023-09-12: IOActive begins vulnerability disclosure with affected parties
  • 2024-06-10: The corresponding CNA released the CVEs to public domain.
  • 2024-06-21: IOActive advisory published
ADVISORIES | March 28, 2024

IOActive Security Advisory | KUNBUS Revolution Pi – Multiple Vulnerabilities

By Ethan Shackelford

KUNBUS GmbH (KUNBUS) develops and offers products and solutions for industrial communication in automation, process, manufacturing and drive technology. This includes a comprehensive portfolio of real-time Ethernet and fieldbus-based protocol technology on state-of-the-art hardware platforms, as well as stacks suitable for the sensor level with IO-Link and IO-Link Wireless and the entry into wireless communication technology.

ADVISORIES | March 21, 2024

IOActive Security Advisory | Movistar 4G Router – Multiple Vulnerabilities

By Gabriel Gonzalez

IOActive found that the Android Debug Bridge (ADB) is listening on all interfaces and gives access to a shell with root privileges; a malicious actor with access to the same network that the router is providing access to will have full control of the device. A malicious actor can send a specific payload to the gui.cgi using the ping_traceroute_process functionality to execute arbitrary commands as the privileged root user. IOActive saw a general lack of protection against cross-site request forgery (CSRF) attacks. CVE-2024-2414, CVE-2024-2415, CVE-2024-2416

ADVISORIES |

IOActive Security Advisory | Hikvision Camera Denial of Service

By Sergio Ruiz

CVE-2023-28811. The Hikvision DS-7732NI-14(B) is a 32-channel Network Video Recorder (NVR). IOActive had the opportunity to assess the DS-7732NI-I4 and identified one high-risk vulnerability. This issue could be exploited to cause a denial of service (DoS) to the device.

ADVISORIES | March 5, 2024

IOActive Security Advisory | Lamassu Douro Bitcoin ATM – Multiple Vulnerabilities

By Gabriel Gonzalez

Supporting security advisory/disclosure document (CVE-2024-0175, CVE-2024-0176 and CVE-2024-0177) supporting the Lamassu Douro Bitcoin ATM research by Gabriel Gonzalez, IOActive Director of Hardware Security.

IOActive had access to few of these machines, specifically to Lamassu’s Douro ATM. This provided the team with the opportunity to assess the security of these devices – more specifically, to attempt to gain full control over them – assuming the role of an attacker with the same physical access to the device that a regular customer might have.

Read the IOActive Security Advisory

ADVISORIES |

IOActive Security Advisory | Socomec NET VISION – Multiple Vulnerabilities

By Daniel Martinez

IOActive Security Advisory/Disclosure document (CVE TBA) by Daniel Martinez, IOActive Senior Security Consultant, of the multiple vulnerabilities discovered in the Socomec NET VISION devices.

Socomec, Inc. (Socomec) is an electrical equipment design and manufacturing company, specializing in low-voltage energy performance in terms of safety, service continuity, quality and energy efficiency. NET VISION is a professional network adapter for monitoring and controlling UPS units from a remote location. It allows direct connection of a UPS to the IPv4 or IPv6 Ethernet network, thereby enabling remote management of the UPS using a web browser, a TELNET interface, or an NMS application via SNMP protocol.

Get the IOActive Security Advisory