Lucene search
IcscertCVELIST:CVE-2021-32982HistoryApr 04, 2022 - 7:45 p.m.
CVE-2021-32982 Automation Direct CLICK PLC CPU Modules Cleartext Transmission of Sensitive Information
2022-04-0419:45:57
CWE-319
icscert
www.cve.org
3
cve-2021-32982
automation direct
click plc
cleartext transmission
sensitive information
c0-1x cpus
firmware
password exchange
network visibility
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
50.5%
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange.
CNA Affected
[
{
"product": "CLICK PLC CPU Modules: C0-1x CPUs",
"vendor": "Automation Direct",
"versions": [
{
"lessThan": "3.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2021-32982
2022-04-04 20:15:09
prion
prion
Buffer overflow
2022-04-04 20:15:00
cve
cve
CVE-2021-32982
2022-04-04 20:15:09
ics
ics
Automation Direct CLICK PLC CPU Modules
2021-06-15 12:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
50.5%
Related for CVELIST:CVE-2021-32982