22 matches found
CVE-2025-55069
A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the...
CVE-2025-58473
An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all available device sessions of the Click...
CVE-2025-57882
An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all available device sessions in the Remote PLC...
CVE-2025-57882 AutomationDirect CLICK PLUS Improper Resource Shutdown or Release
An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all available device sessions in the Remote PLC...
CVE-2025-55069
The affected product is AutomationDirect CLICK PLUS with firmware version 3.60 (Click Plus PLC). The root cause is a predictable seed in the pseudo-random number generator, which compromises the security of generated private keys. The practical impact is potential exposure or manipulation of cryptograp...
CVE-2025-55069 AutomationDirect CLICK PLUS Predictable Seed in Pseudo-Random Number Generator
A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the...
CVE-2025-59484 AutomationDirect CLICK PLUS Use of a Broken or Risky Cryptographic Algorithm
The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm...
PT-2025-39227
Name of the Vulnerable Software and Affected Versions: Click Plus C2-03CPU-2 version 3.60. Description: An improper resource shutdown or release issue exists in the Click Plus C2-03CPU-2 device. An unauthenticated attacker can cause a denial-of-service by exhausting all available device sessions...
PT-2025-39223
Name of the Vulnerable Software and Affected Versions: Click Plus PLC version 3.60. Description: A hard-coded cryptographic key is present in firmware version 3.60 of the Click Plus PLC. This key, an AES key, is used to protect the initial messages of a new KOPS session. Recommendations: At the momen...
Canon Multiple Products Buffer Error Vulnerability
Canon Color imageCLASS is a series of printers from Canon Japan. A security vulnerability exists in several Canon products. The vulnerability can be exploited by an attacker to execute arbitrary code. The following products and versions are affected: Satera LBP670C Series, Satera MF750C Series...
CVE-2023-23325
Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain a command injection vulnerability via the NetHostname parameter...
CVE-2023-45194
Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 -D/-K/-S/-DK/-DKS/-M/-W firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communicati...
SUSE CVE-2015-2907
Mobile Devices aka MDI C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password...
CVE-2021-46559
The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection...
CVE-2021-45591
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6...
WARNING — Critical Remote Hacking Flaws Affect D-Link VPN Routers
Some widely sold D-Link VPN router models have been found vulnerable to three new high-risk security vulnerabilities, leaving millions of home and business networks open to cyberattacks—even if they are secured with a strong password. Discovered by researchers at Digital Defense, the three securi...
CVE-2020-15046
The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/configuser.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88...
CVE-2019-6176
A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service...
Schneider Electric Modicon M340 and Modicon M580 Denial of Service Vulnerability
The Schneider Electric Modicon M580 and Schneider Electric Modicon M340 are both products of the French company Schneider Electric. The Schneider Electric Modicon M580 is a programmable automation controller, and the Schneider Electr...