← back
CVE-2025-59484

AutomationDirect CLICK PLUS Use of a Broken or Risky Cryptographic Algorithm

CVSS 8.7 HIGHEPSS 0.1%CWE-327
The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
Affected products
AutomationDirect · CLICK PLUS C0-0x CPU firmwareAutomationDirect · CLICK PLUS C0-1x CPU firmwareAutomationDirect · CLICK PLUS C2-x CPU firmware

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.automationdirect.com/support/software-downloadshttps://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01