AutomationDirect CLICK PLUS

Plan Patch | CVSS 8.3 | ICS-CERT ICSA-25-266-01 | Sep 23, 2025
AutomationDirect
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

CLICK PLUS CPU firmware versions prior to v3.80 contain multiple cryptographic and authentication vulnerabilities (CWE-312, CWE-321, CWE-327, CWE-337, CWE-404, CWE-862) that allow attackers to disclose sensitive information, modify device settings, escalate privileges, or cause denial-of-service. The vulnerabilities are remotely exploitable with no authentication required and low attack complexity.

What this means
What could happen
An attacker could remotely gain control of your CLICK PLUS PLC, modify setpoints or process configurations, escalate privileges to administrative level, or crash the device causing a temporary loss of control over connected equipment.
Who's at risk
Water utilities, electric utilities, and manufacturing facilities using AutomationDirect CLICK PLUS PLCs for process control, pump operation, valve control, or other automated functions should prioritize this update. The vulnerability affects the programmable logic controller (PLC) CPU itself, so any facility relying on these units for critical operations is at risk.
How it could be exploited
An attacker on your network or the internet can connect to the CLICK PLUS CPU on its network interface and exploit weak cryptographic protections or missing authentication checks to extract sensitive data, alter settings, or trigger a denial-of-service condition without needing valid credentials.
Prerequisites
  • Network access to CLICK PLUS CPU network interface (typically port 502 or web interface port)
  • No valid credentials required
remotely exploitable | no authentication required | low complexity | affects safety systems | high CVSS score (8.3)
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (3)
3 with fix
Product | Affected Versions | Fix Status
CLICK PLUS C2-x CPU firmware: <v3.71 | <v3.71 | v3.80
CLICK PLUS C0-0x CPU firmware: <v3.71 | <v3.71 | v3.80
CLICK PLUS C0-1x CPU firmware: <v3.71 | <v3.71 | v3.80
Remediation & Mitigation
Do now
WORKAROUND: Disconnect CLICK PLUS devices from external networks (internet and corporate LAN) until firmware update is applied
HARDENING: Restrict logical and physical access to CLICK PLUS PLCs to authorized personnel only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update CLICK PLUS firmware to v3.80 or later on all affected C2-x, C0-0x, and C0-1x CPU units
HARDENING: Isolate CLICK PLUS devices behind a firewall and on a dedicated, air-gapped internal network separate from business networks
HARDENING: Enable logging and monitoring on CLICK PLUS devices and regularly review system logs for suspicious activity
Long-term hardening
HARDENING: Create and test secure backups of CLICK PLUS configurations and restore procedures to enable rapid recovery if device is compromised