CVE-2025-67652

AutomationDirect CLICK Programmable Logic Controller Weak Encoding for Password

CVSS 6.1 MEDIUMEPSS 0.1%CWE-261

An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the likelihood of this type of exploitation, leaving sensitive information more vulnerable.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Affected products

AutomationDirect · CLICK Programmable Logic Controller

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-02.json https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-02