255 matches found
EUVD-2024-22319
Malicious code in bioql PyPI...
EUVD-2024-22309
Malicious code in bioql PyPI...
EUVD-2024-22484
Malicious code in bioql PyPI...
EUVD-2022-34310
Malicious code in bioql PyPI...
CVE-2025-57882 AutomationDirect CLICK PLUS Improper Resource Shutdown or Release
An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all available device sessions in the Remote PLC...
CVE-2025-57882
CVE-2025-57882 affects the Click Plus C2-03CPU-2 device with firmware 3.60. It describes an improper resource shutdown/release that allows an unauthenticated attacker to cause a denial-of-service by exhausting all sessions in the Remote PLC application. Public documents confirm the issue and deta...
CVE-2025-55038 AutomationDirect CLICK PLUS Missing Authorization
An authorization bypass vulnerability has been discovered in the Click Plus C2-03CPU2 device firmware version 3.60. Through the KOPR protocol utilized by the Remote PLC application, authenticated users with low-level access permissions can exploit this vulnerability to read and modify PLC variabl...
CVE-2025-58473
CVE-2025-58473 affects the Click Plus C2-03CPU-2 device running firmware 3.60. An unauthenticated attacker can trigger a denial-of-service by exhausting all device sessions in the Click Programming Software. Connected sources confirm the vulnerability type (improper resource shutdown/release) and...
CVE-2025-58473 AutomationDirect CLICK PLUS Improper Resource Shutdown or Release
An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all available device sessions of the Click...
CVE-2025-58473 AutomationDirect CLICK PLUS Improper Resource Shutdown or Release
An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all available device sessions of the Click...
CVE-2025-59484 AutomationDirect CLICK PLUS Use of a Broken or Risky Cryptographic Algorithm
The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm...
CVE-2025-58069 AutomationDirect CLICK PLUS Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains a hard-coded AES key used to protect the initial messages of a new KOPS session...
CVE-2025-54855
CVE-2025-54855 affects AutomationDirect CLICK PLUS/Click Programming Software v3.60. Affected component: Click Programming Software; vulnerability: cleartext storage of sensitive information allowing a local user with file-system access (while an administrator is active) to steal credentials stor...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems ICS advisories on September 23, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-266-01 AutomationDirect CLICK PLUS ICSA-25-266-02 Mitsubishi Electric MELSEC-Q Serie...
AutomationDirect CLICK PLUS
RISK EVALUATION Successful exploitation of these vulnerabilities disclose sensitive information, modify device settings, escalate privileges, or cause a denial-of-service condition on the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk...
AutomationDirect CLICK PLUS 安全漏洞
The AutomationDirect CLICK PLUS is a small programmable logic controller from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect CLICK PLUS version 3.60, which stems from the use of a hard-coded AES key in the firmware to protect the initial message of a KOPS session, whic...
AutomationDirect CLICK PLUS 安全漏洞
The AutomationDirect CLICK PLUS is a small programmable logic controller from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect CLICK PLUS version v3.60, which originates from storing sensitive information in clear text and could lead to the theft of credentials by a loca...
AutomationDirect CLICK PLUS 加密问题漏洞
AutomationDirect CLICK PLUS is a small programmable logic controller from AutomationDirect, Inc. An encryption issue vulnerability exists in AutomationDirect CLICK PLUS version 3.60, which stems from the use of an insecure RSA encryption algorithm implementation...
AutomationDirect CLICK PLUS 安全漏洞
AutomationDirect CLICK PLUS is a small programmable logic controller from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect CLICK PLUS version 3.60, which stems from the use of predictable seeds in the pseudo-random number generator, which could lead to compromised securi...
AutomationDirect CLICK PLUS 安全漏洞
The AutomationDirect CLICK PLUS is a small programmable logic controller from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect CLICK PLUS version 3.60, which stems from improper authorization of the KOPR protocol, and could result in a low-privileged user overstepping...