AutomationDirect CLICK PLUS Use of a Broken or Risky Cryptographic...

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Description

The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm.

Basic Information

ID CVE-2025-59484

Source icscert

Published Sep 23, 2025 at 22:08

Affected Product

Vendor AutomationDirect

Product CLICK PLUS C0-0x CPU firmware

Affected Versions AutomationDirect CLICK PLUS C0-0x CPU firmware 0
AutomationDirect CLICK PLUS C0-1x CPU firmware 0
AutomationDirect CLICK PLUS C2-x CPU firmware 0

CWE Classification

CWE-327

References

{
    "lastseen": "",
    "description": "The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm.",
    "published": "2025-09-23T22:08:40.744Z",
    "modified": "2025-09-23T22:08:40.744Z",
    "type": "cve",
    "title": "AutomationDirect CLICK PLUS Use of a Broken or Risky Cryptographic Algorithm",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01\nhttps://www.automationdirect.com/support/software-downloads",
    "id": "CVE-2025-59484",
    "bulletinFamily": "",
    "cwe": [
        "CWE-327"
    ],
    "cvelist": null,
    "sourceData": "AutomationDirect CLICK PLUS C0-0x CPU firmware 0\nAutomationDirect CLICK PLUS C0-1x CPU firmware 0\nAutomationDirect CLICK PLUS C2-x CPU firmware 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CLICK PLUS C0-0x CPU firmware",
    "version": "0",
    "vendor": "AutomationDirect",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

AutomationDirect CLICK PLUS Use of a Broken or Risky Cryptographic Algorithm_CVE-2025-59484