CVE-2025-62498 AutomationDirect Productivity Suite Relative Path Traversal

A relative path traversal ZipSlip vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened...

EUVD-2021-19699

Malware in sbrugna...

EUVD-2021-19705

Malware in sbrugna...

EUVD-2021-19703

Malware in sbrugna...

CVE-2021-32984

All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project...

Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems

Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers PLCs and co-opt the machines to a botnet. The software "exploited a vulnerability in the firmware which allowed it to retrieve the...

CVE-2021-32980

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active...

CVE-2021-32978

The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00...

CVE-2021-32978

The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00...

CVE-2021-32980

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active...

Authentication flaw

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active...

Buffer overflow

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange...

Authorization

All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project...

Authentication flaw

After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without...

CVE-2021-32982

Automation Direct CLICK PLC CPU Modules (C0-1x CPUs) with firmware

CVE-2021-32982 Automation Direct CLICK PLC CPU Modules Cleartext Transmission of Sensitive Information

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange...

CVE-2021-32986

The CVE affects Automation Direct CLICK PLC CPU Modules (C0-1x CPUs) with firmware prior to v3.00. The vulnerability is an authentication bypass where, once an authorized user unlocks the PLC, the unlocked state does not timeout and remains usable if the programming software is interrupted; all s...

CVE-2021-32986 Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel

After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without...

CVE-2021-32984

CVE-2021-32984 affects Automation Direct CLICK PLC CPU Modules (C0-1x) with firmware prior to v3.00. Root cause: after an authorized unlock, all programming connections share unlocked privileges, enabling read/access to the project over the network. Impact: privilege escalation and unauthorized p...

CVE-2021-32984 Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel

All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project...