SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges.
Credits
Industrial Cybersecurity team of S21sec, special mention to Aarón Flecha Menéndez.
