CVE-2025-25051
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Summary
An attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially gain access to network resources for lateral attacks.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AutomationDirect | CLICK Programmable Logic Controller | C0-0x | affected |
| AutomationDirect | CLICK Programmable Logic Controller | C0-1x | affected |
| AutomationDirect | CLICK Programmable Logic Controller | C2-x | affected |
| AutomationDirect | CLICK Programmable Logic Controller | V3.90 | unaffected |
Weaknesses
- CWE-256: CWE-256
Workarounds
If the update cannot be applied right away, the following compensating controls are recommended until the upgrade can be performed:
- Network Isolation – Disconnect the CLICK PLUS PLC from external networks (e.g., the internet or corporate LAN) to reduce exposure.
- Secure Communications – Use only trusted, dedicated internal networks or air-gapped systems for device communication.
- Access Control – Restrict both physical and logical access to authorized personnel only.
- Application Whitelisting – Configure whitelisting so that only trusted, pre-approved applications are allowed to run. Block any unauthorized software.
- Endpoint Protection – Use antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.
- Logging & Monitoring – Enable and regularly review system logs to detect suspicious or unauthorized activity.
- Backup & Recovery – Maintain secure, tested backups of the PLC and its configurations to minimize downtime in case of an incident.
- Ongoing Risk Assessment – Continuously evaluate risks associated with running outdated firmware and adjust compensating measures accordingly.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-02
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-02.json
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.