CVE-2025-59484
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
Summary
The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AutomationDirect | CLICK PLUS C0-0x CPU firmware | 0 < v3.71 | affected |
| AutomationDirect | CLICK PLUS C0-1x CPU firmware | 0 < v3.71 | affected |
| AutomationDirect | CLICK PLUS C2-x CPU firmware | 0 < v3.71 | affected |
Weaknesses
- CWE-327: CWE-327 Use of a Broken or Risky Cryptographic Algorithm
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01
- https://www.automationdirect.com/support/software-downloads
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.