Lucene search
+L

46 matches found

Cvelist
Cvelist
added 2025/09/23 10:15 p.m.10 views

CVE-2025-55069 AutomationDirect CLICK PLUS Predictable Seed in Pseudo-Random Number Generator

A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the...

8.7CVSS0.00287EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/23 10:15 p.m.1 views

CVE-2025-55069 AutomationDirect CLICK PLUS Predictable Seed in Pseudo-Random Number Generator

A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the...

8.7CVSS6.6AI score0.00287EPSS
Exploits0References2
CVE
CVE
added 2025/09/23 10:15 p.m.29 views

CVE-2025-55069

The affected product is AutomationDirect CLICK PLUS with firmware version 3.60 (Click Plus PLC). A root cause is a predictable seed in the pseudo-random number generator, which compromises the security of generated private keys. Practical impact is potential exposure or manipulation of cryptograp...

8.7CVSS6.6AI score0.00287EPSS
Exploits0References2
NVD
NVD
added 2025/09/23 10:15 p.m.6 views

CVE-2025-58069

The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains a hard-coded AES key used to protect the initial messages of a new KOPS session...

6.9CVSS0.00244EPSS
Exploits0References2
NVD
NVD
added 2025/09/23 10:15 p.m.7 views

CVE-2025-59484

The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm...

8.7CVSS0.00115EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/23 10:8 p.m.3 views

CVE-2025-59484 AutomationDirect CLICK PLUS Use of a Broken or Risky Cryptographic Algorithm

The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm...

8.7CVSS6.6AI score0.00115EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/23 10:8 p.m.8 views

CVE-2025-59484 AutomationDirect CLICK PLUS Use of a Broken or Risky Cryptographic Algorithm

The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm...

8.7CVSS0.00115EPSS
Exploits0References2
CVE
CVE
added 2025/09/23 10:8 p.m.15 views

CVE-2025-59484

CVE-2025-59484 affects AutomationDirect CLICK PLUS firmware 3.60, where an insecure RSA implementation enables use of a broken cryptographic algorithm. Public sources (NVD/Red Hat CVEs, CVE list, PT Security, and CISA advisory) describe the issue and confirm the affected device (Click Plus PLC) a...

8.7CVSS6.6AI score0.00115EPSS
Exploits0References2
CVE
CVE
added 2025/09/23 10:4 p.m.17 views

CVE-2025-58069

The CVE pertains to AutomationDirect CLICK PLUS firmware 3.60, where a hard-coded AES key is used to protect the initial messages of a new KOPS session. Root cause: hard-coded cryptographic key stored in the firmware. Impact: potential exposure of the cryptographic key and associated initial comm...

6.9CVSS6.6AI score0.00244EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/23 10:4 p.m.2 views

CVE-2025-58069 AutomationDirect CLICK PLUS Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains a hard-coded AES key used to protect the initial messages of a new KOPS session...

6.9CVSS6.6AI score0.00244EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/23 10:4 p.m.8 views

CVE-2025-58069 AutomationDirect CLICK PLUS Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains a hard-coded AES key used to protect the initial messages of a new KOPS session...

6.9CVSS0.00244EPSS
Exploits0References2
CVE
CVE
added 2025/09/23 10:1 p.m.17 views

CVE-2025-54855

CVE-2025-54855 affects AutomationDirect CLICK PLUS/Click Programming Software v3.60. Affected component: Click Programming Software; vulnerability: cleartext storage of sensitive information allowing a local user with file-system access (while an administrator is active) to steal credentials stor...

4.2CVSS5.9AI score0.00095EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/23 10:1 p.m.8 views

CVE-2025-54855 AutomationDirect CLICK PLUS Cleartext Storage of Sensitive Information

Cleartext storage of sensitive information was discovered in Click Programming Software version v3.60. The vulnerability can be exploited by a local user with access to the file system, while an administrator session is active, to steal credentials stored in clear text...

4.2CVSS0.00095EPSS
Exploits0References2
CISA
CISA
added 2025/09/23 12:0 p.m.6 views

CISA Releases Six Industrial Control Systems Advisories

CISA released six Industrial Control Systems ICS advisories on September 23, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-266-01 AutomationDirect CLICK PLUS ICSA-25-266-02 Mitsubishi Electric MELSEC-Q Serie...

6.6AI score
Exploits0References6
ICS
ICS
added 2025/09/23 6:0 a.m.6 views

AutomationDirect CLICK PLUS

RISK EVALUATION Successful exploitation of these vulnerabilities disclose sensitive information, modify device settings, escalate privileges, or cause a denial-of-service condition on the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk...

6.7AI score
Exploits0References13
CNNVD
CNNVD
added 2025/09/23 12:0 a.m.3 views

AutomationDirect CLICK PLUS 安全漏洞

The AutomationDirect CLICK PLUS is a small programmable logic controller from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect CLICK PLUS version 3.60, which stems from improper authorization of the KOPR protocol, and could result in a low-privileged user overstepping...

7.6CVSS6.5AI score0.00237EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/23 12:0 a.m.6 views

PT-2025-39226

Name of the Vulnerable Software and Affected Versions Click Plus C2-03CPU2 version 3.60 Description An authorization bypass exists in the Click Plus C2-03CPU2 device firmware. An authenticated user with low-level access can exploit this issue through the KOPR protocol, used by the Remote PLC...

7.6CVSS6.2AI score0.00237EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/09/23 12:0 a.m.5 views

AutomationDirect CLICK PLUS 安全漏洞

AutomationDirect CLICK PLUS is a small programmable logic controller from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect CLICK PLUS version 3.60 that originates from improper resource shutdown or release and could lead to a denial of service attack...

8.2CVSS6.4AI score0.00309EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/23 12:0 a.m.3 views

AutomationDirect CLICK PLUS 安全漏洞

The AutomationDirect CLICK PLUS is a small programmable logic controller from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect CLICK PLUS version 3.60, which stems from the use of a hard-coded AES key in the firmware to protect the initial message of a KOPS session, whic...

6.9CVSS6.5AI score0.00244EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/23 12:0 a.m.4 views

AutomationDirect CLICK PLUS 安全漏洞

AutomationDirect CLICK PLUS is a small programmable logic controller from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect CLICK PLUS version 3.60 that originates from improper resource shutdown or release and could lead to a denial of service attack...

8.2CVSS6.4AI score0.00326EPSS
Exploits0References2
Rows per page
Query Builder