CVE-2025-59484

AutomationDirect CLICK PLUS Use of a Broken or Risky Cryptographic Algorithm

CVSS 8.7 HIGHEPSS 0.1%CWE-327

The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Produtos afetados

AutomationDirect · CLICK PLUS C0-0x CPU firmware AutomationDirect · CLICK PLUS C0-1x CPU firmware AutomationDirect · CLICK PLUS C2-x CPU firmware

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.automationdirect.com/support/software-downloads https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01