AutomationDirect CLICK Programmable Logic Controller Weak Encoding for Password

6.1 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Description

An attacker with access to the project file could use the exposed
credentials to impersonate users, escalate privileges, or gain
unauthorized access to systems and services. The absence of robust
encryption or secure handling mechanisms increases the likelihood of
this type of exploitation, leaving sensitive information more
vulnerable.

Basic Information

ID CVE-2025-67652

Source icscert

Published Jan 22, 2026 at 22:17

Modified Jan 23, 2026 at 20:15

Affected Product

Vendor AutomationDirect

Product CLICK Programmable Logic Controller

Version C0-0x

Affected Versions AutomationDirect CLICK Programmable Logic Controller C0-0x
AutomationDirect CLICK Programmable Logic Controller C0-1x
AutomationDirect CLICK Programmable Logic Controller C2-x

CWE Classification

CWE-261

References

{
    "lastseen": "",
    "description": "An attacker with access to the project file could use the exposed \ncredentials to impersonate users, escalate privileges, or gain \nunauthorized access to systems and services. The absence of robust \nencryption or secure handling mechanisms increases the likelihood of \nthis type of exploitation, leaving sensitive information more \nvulnerable.",
    "published": "2026-01-22T22:17:53.763Z",
    "modified": "2026-01-23T20:15:30.472Z",
    "type": "cve",
    "title": "AutomationDirect CLICK Programmable Logic Controller Weak Encoding for Password",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-02\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-02.json",
    "id": "CVE-2025-67652",
    "bulletinFamily": "",
    "cwe": [
        "CWE-261"
    ],
    "cvelist": null,
    "sourceData": "AutomationDirect CLICK Programmable Logic Controller C0-0x\nAutomationDirect CLICK Programmable Logic Controller C0-1x\nAutomationDirect CLICK Programmable Logic Controller C2-x",
    "sourceHref": "",
    "cvss": {
        "score": 6.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CLICK Programmable Logic Controller",
    "version": "C0-0x",
    "vendor": "AutomationDirect",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

AutomationDirect CLICK Programmable Logic Controller Weak Encoding for Password_CVE-2025-67652