46 matches found
CVE-2025-55069 AutomationDirect CLICK PLUS Predictable Seed in Pseudo-Random Number Generator
A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the...
CVE-2025-55069 AutomationDirect CLICK PLUS Predictable Seed in Pseudo-Random Number Generator
A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the...
CVE-2025-55069
The affected product is AutomationDirect CLICK PLUS with firmware version 3.60 (Click Plus PLC). A root cause is a predictable seed in the pseudo-random number generator, which compromises the security of generated private keys. Practical impact is potential exposure or manipulation of cryptograp...
CVE-2025-58069
The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains a hard-coded AES key used to protect the initial messages of a new KOPS session...
CVE-2025-59484
The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm...
CVE-2025-59484 AutomationDirect CLICK PLUS Use of a Broken or Risky Cryptographic Algorithm
The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm...
CVE-2025-59484 AutomationDirect CLICK PLUS Use of a Broken or Risky Cryptographic Algorithm
The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm...
CVE-2025-59484
CVE-2025-59484 affects AutomationDirect CLICK PLUS firmware 3.60, where an insecure RSA implementation enables use of a broken cryptographic algorithm. Public sources (NVD/Red Hat CVEs, CVE list, PT Security, and CISA advisory) describe the issue and confirm the affected device (Click Plus PLC) a...
CVE-2025-58069
The CVE pertains to AutomationDirect CLICK PLUS firmware 3.60, where a hard-coded AES key is used to protect the initial messages of a new KOPS session. Root cause: hard-coded cryptographic key stored in the firmware. Impact: potential exposure of the cryptographic key and associated initial comm...
CVE-2025-58069 AutomationDirect CLICK PLUS Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains a hard-coded AES key used to protect the initial messages of a new KOPS session...
CVE-2025-58069 AutomationDirect CLICK PLUS Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains a hard-coded AES key used to protect the initial messages of a new KOPS session...
CVE-2025-54855
CVE-2025-54855 affects AutomationDirect CLICK PLUS/Click Programming Software v3.60. Affected component: Click Programming Software; vulnerability: cleartext storage of sensitive information allowing a local user with file-system access (while an administrator is active) to steal credentials stor...
CVE-2025-54855 AutomationDirect CLICK PLUS Cleartext Storage of Sensitive Information
Cleartext storage of sensitive information was discovered in Click Programming Software version v3.60. The vulnerability can be exploited by a local user with access to the file system, while an administrator session is active, to steal credentials stored in clear text...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems ICS advisories on September 23, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-266-01 AutomationDirect CLICK PLUS ICSA-25-266-02 Mitsubishi Electric MELSEC-Q Serie...
AutomationDirect CLICK PLUS
RISK EVALUATION Successful exploitation of these vulnerabilities disclose sensitive information, modify device settings, escalate privileges, or cause a denial-of-service condition on the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk...
AutomationDirect CLICK PLUS 安全漏洞
The AutomationDirect CLICK PLUS is a small programmable logic controller from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect CLICK PLUS version 3.60, which stems from improper authorization of the KOPR protocol, and could result in a low-privileged user overstepping...
PT-2025-39226
Name of the Vulnerable Software and Affected Versions Click Plus C2-03CPU2 version 3.60 Description An authorization bypass exists in the Click Plus C2-03CPU2 device firmware. An authenticated user with low-level access can exploit this issue through the KOPR protocol, used by the Remote PLC...
AutomationDirect CLICK PLUS 安全漏洞
AutomationDirect CLICK PLUS is a small programmable logic controller from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect CLICK PLUS version 3.60 that originates from improper resource shutdown or release and could lead to a denial of service attack...
AutomationDirect CLICK PLUS 安全漏洞
The AutomationDirect CLICK PLUS is a small programmable logic controller from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect CLICK PLUS version 3.60, which stems from the use of a hard-coded AES key in the firmware to protect the initial message of a KOPS session, whic...
AutomationDirect CLICK PLUS 安全漏洞
AutomationDirect CLICK PLUS is a small programmable logic controller from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect CLICK PLUS version 3.60 that originates from improper resource shutdown or release and could lead to a denial of service attack...