CVE-2025-57882 AutomationDirect CLICK PLUS Improper Resource Shutdown or Release

An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all available device sessions in the Remote PLC...

CVE-2025-59484 AutomationDirect CLICK PLUS Use of a Broken or Risky Cryptographic Algorithm

The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm...

CVE-2025-54855

CVE-2025-54855 affects AutomationDirect CLICK PLUS/Click Programming Software v3.60. Affected component: Click Programming Software; vulnerability: cleartext storage of sensitive information allowing a local user with file-system access (while an administrator is active) to steal credentials stor...

CISA Releases Six Industrial Control Systems Advisories

CISA released six Industrial Control Systems ICS advisories on September 23, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-266-01 AutomationDirect CLICK PLUS ICSA-25-266-02 Mitsubishi Electric MELSEC-Q Serie...

AutomationDirect CLICK PLUS

RISK EVALUATION Successful exploitation of these vulnerabilities disclose sensitive information, modify device settings, escalate privileges, or cause a denial-of-service condition on the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk...

AutomationDirect CLICK PLUS 安全漏洞

The AutomationDirect CLICK PLUS is a small programmable logic controller from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect CLICK PLUS version 3.60, which stems from the use of a hard-coded AES key in the firmware to protect the initial message of a KOPS session, whic...

AutomationDirect CLICK PLUS 安全漏洞

The AutomationDirect CLICK PLUS is a small programmable logic controller from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect CLICK PLUS version v3.60, which originates from storing sensitive information in clear text and could lead to the theft of credentials by a loca...

AutomationDirect CLICK PLUS 安全漏洞

AutomationDirect CLICK PLUS is a small programmable logic controller from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect CLICK PLUS version 3.60, which stems from the use of predictable seeds in the pseudo-random number generator, which could lead to compromised securi...

AutomationDirect CLICK PLUS 安全漏洞

The AutomationDirect CLICK PLUS is a small programmable logic controller from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect CLICK PLUS version 3.60, which stems from improper authorization of the KOPR protocol, and could result in a low-privileged user overstepping...

AutomationDirect CLICK PLUS 安全漏洞

AutomationDirect CLICK PLUS is a small programmable logic controller from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect CLICK PLUS version 3.60 that originates from improper resource shutdown or release and could lead to a denial of service attack...