Automation Direct CLICK PLC CPU Modules

Plan PatchCVSS 9.8ICS-CERT ICSA-21-166-02Jun 15, 2021

AutomationDirectManufacturing

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

AutomationDirect CLICK PLC CPU modules with firmware prior to v3.00 contain vulnerabilities in authentication and credential protection. Weak authentication mechanisms (CWE-288) and unencrypted password storage and transmission (CWE-319, CWE-256) allow attackers to obtain valid user credentials or bypass authentication to access the PLC programming interface. Successful exploitation could allow an attacker to log in as a currently or previously authenticated user or discover passwords for valid users, enabling unauthorized PLC modification or operation control.

What this means

What could happen

An attacker with network access to the PLC could log in as a legitimate user or recover user passwords, allowing them to reprogram the PLC logic, modify control setpoints, or halt operations.

Who's at risk

Manufacturing facilities running AutomationDirect CLICK PLC CPU modules for process control, equipment automation, and logic execution. This includes any plant using these PLCs for pump control, valve regulation, motor sequences, or safety logic.

How it could be exploited

An attacker on the network sends credentials or password recovery requests to the CLICK PLC CPU module. Due to weak authentication (CWE-288) and unencrypted password storage or transmission (CWE-319, CWE-256), the attacker can obtain valid user credentials or bypass authentication to access the programming interface.

Prerequisites

Network access to the CLICK PLC CPU module port
The PLC module is running firmware prior to v3.00
No network segmentation isolating the PLC from attacker-reachable networks

Remotely exploitableNo authentication requiredLow complexity attackHigh CVSS (9.8)Default or weak credentials likely usedAffects control logic and process operations

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (1)

ProductAffected VersionsFix Status

CLICK PLC CPU Modules: C0-1x CPUs with All firmware prior to v3.00<v3.00No fix yet

Remediation & Mitigation

0/4

Do now

0/3

HARDENINGIsolate the PLC network from the business network with a firewall; restrict access to authorized engineering workstations only

HARDENINGBlock all external Internet access to the PLC; if remote access is required, use a VPN with current security patches

WORKAROUNDEnforce strong passwords and change any credentials that may have been exposed on vulnerable firmware versions

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate CLICK PLC CPU module firmware to Version 3.00 or later

CVEs (5)

CVE-2021-32980 CVE-2021-32984 CVE-2021-32986 CVE-2021-32982 CVE-2021-32978

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d70f2f31-7247-41ff-b48a-2301a6cbe215

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.