AutomationDirect Click Plus PLC Hard-Coded Cryptographic Key Vulnerability

Vulnerability

AutomationDirect Click Plus PLC firmware version 3.60 uses a hard-coded AES key to secure the initial messages of a new KOPS session. Because the key is built into the firmware instead of being kept secret, this flaw could allow unauthorized access to, or manipulation of, session data.

Impact

Exploitation of this vulnerability could lead to unauthorized access to session data, allowing for interception or manipulation of communications within the KOPS session.

Remediation

Users are advised to update the Click Plus PLC firmware to version 3.80. If an immediate update is not possible, it is recommended to isolate the PLC from external networks, restrict access to authorized personnel, and use secure internal communications.

Added: Sep 23, 2025, 10:18 PM
Updated: Sep 23, 2025, 10:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.7
remediation: 7.9
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.