CVE-2025-54855

Summary

Cleartext storage of sensitive information was discovered in Click Programming Software version v3.60. The vulnerability can be exploited by a local user with access to the file system, while an administrator session is active, to steal credentials stored in clear text.

Affected Software

VendorProductVersion RangeStatus
AutomationDirectCLICK PLUS C0-0x CPU firmware0 < v3.71affected
AutomationDirectCLICK PLUS C0-1x CPU firmware0 < v3.71affected
AutomationDirectCLICK PLUS C2-x CPU firmware0 < v3.71affected

Weaknesses

  • CWE-312: CWE-312 Cleartext Storage of Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References