CVE-2025-55038

AutomationDirect CLICK PLUS Missing Authorization

CVSS 7.6 HIGHEPSS 0.2%CWE-862

An authorization bypass vulnerability has been discovered in the Click Plus C2-03CPU2 device firmware version 3.60. Through the KOPR protocol utilized by the Remote PLC application, authenticated users with low-level access permissions can exploit this vulnerability to read and modify PLC variables beyond their intended authorization level.

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Produtos afetados

AutomationDirect · CLICK PLUS C0-0x CPU firmware AutomationDirect · CLICK PLUS C0-1x CPU firmware AutomationDirect · CLICK PLUS C2-x CPU firmware

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.automationdirect.com/support/software-downloads https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01