CVE-2025-55069

Summary

A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the generated private keys.

Affected Software

VendorProductVersion RangeStatus
AutomationDirectCLICK PLUS C0-0x CPU firmware0 < v3.71affected
AutomationDirectCLICK PLUS C0-1x CPU firmware0 < v3.71affected
AutomationDirectCLICK PLUS C2-x CPU firmware0 < v3.71affected

Weaknesses

  • CWE-337: CWE-337 Predictable Seed in Pseudo-Random Number Generator

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References