4 matches found
CVE-2025-58069
The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains a hard-coded AES key used to protect the initial messages of a new KOPS session...
CVE-2025-55038
An authorization bypass vulnerability has been discovered in the Click Plus C2-03CPU2 device firmware version 3.60. Through the KOPR protocol utilized by the Remote PLC application, authenticated users with low-level access permissions can exploit this vulnerability to read and modify PLC variabl...
CVE-2025-55038 AutomationDirect CLICK PLUS Missing Authorization
An authorization bypass vulnerability has been discovered in the Click Plus C2-03CPU2 device firmware version 3.60. Through the KOPR protocol utilized by the Remote PLC application, authenticated users with low-level access permissions can exploit this vulnerability to read and modify PLC variabl...
CVE-2025-58069
The CVE pertains to AutomationDirect CLICK PLUS firmware 3.60, where a hard-coded AES key is used to protect the initial messages of a new KOPS session. Root cause: hard-coded cryptographic key stored in the firmware. Impact: potential exposure of the cryptographic key and associated initial comm...