← volver
CVE-2025-55038

AutomationDirect CLICK PLUS Missing Authorization

CVSS 7.6 HIGHEPSS 0.2%CWE-862
An authorization bypass vulnerability has been discovered in the Click Plus C2-03CPU2 device firmware version 3.60. Through the KOPR protocol utilized by the Remote PLC application, authenticated users with low-level access permissions can exploit this vulnerability to read and modify PLC variables beyond their intended authorization level.
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Productos afectados
AutomationDirect · CLICK PLUS C0-0x CPU firmwareAutomationDirect · CLICK PLUS C0-1x CPU firmwareAutomationDirect · CLICK PLUS C2-x CPU firmware

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.automationdirect.com/support/software-downloadshttps://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01