AutomationDirect CLICK Programmable Logic Controller
Monitor6.1ICS-CERT ICSA-26-022-02Jan 22, 2026
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary
AutomationDirect CLICK Programmable Logic Controller models C0-0x, C0-1x, and C2-x contain weaknesses in credential handling and encryption (CWE-261, CWE-256) that allow an attacker with local or remote access to impersonate users, escalate privileges, gain unauthorized access to systems and services, and decrypt sensitive data. The vulnerabilities may allow an attacker to execute unauthorized commands or access protected information on the device.
What this means
What could happen
An attacker with local access to a CLICK PLC could impersonate legitimate users, escalate privileges, and decrypt sensitive configuration or control data, potentially allowing unauthorized changes to process parameters or system commands.
Who's at risk
Water authorities, electric utilities, and other facilities operating AutomationDirect CLICK PLCs (C0-0x, C0-1x, C2-x series) for automation of pumps, motors, valves, and process control systems should review their exposure. Any facility using these controllers to manage critical operations is at risk.
How it could be exploited
An attacker with local access to the PLC (either physical or via remote login) could exploit weak credential handling or encryption mechanisms to bypass authentication checks and assume the identity of an authorized user. Once authenticated, the attacker could escalate privileges to modify PLC logic, alter safety setpoints, or access encrypted sensitive data stored on the device.
Prerequisites
- Local or remote access to the CLICK PLC
- Valid user-level credentials or ability to access the device's file system
- Knowledge of credential storage or encryption mechanisms used by the device
No patch available for most product variantsLocal access required but can be obtained via remote loginLow attack complexityAffects system confidentiality and integrity
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (3)
3 pending
ProductAffected VersionsFix Status
CLICK Programmable Logic Controller: C0-0xC0-0xNo fix yet
CLICK Programmable Logic Controller: C0-1xC0-1xNo fix yet
CLICK Programmable Logic Controller: C2-xC2-xNo fix yet
Remediation & Mitigation
0/7
Do now
0/4WORKAROUNDDisconnect CLICK PLC from external networks and the corporate LAN; operate only on isolated, dedicated internal networks or air-gapped systems
HARDENINGRestrict both physical and logical access to the PLC to authorized personnel only
HARDENINGConfigure application whitelisting to block unauthorized software from running on systems that interface with the PLC
HARDENINGEnable comprehensive logging on the PLC and systems connected to it; regularly review logs for suspicious or unauthorized activity
Schedule — requires maintenance window
0/3Patching may require device reboot — plan for process interruption
HOTFIXUpdate CLICK PLUS firmware to V3.90 or later
HARDENINGDeploy antivirus or EDR tools on systems connected to the PLC and configure host-based firewalls to block unauthorized access attempts
HARDENINGMaintain secure, tested backups of PLC firmware and configurations to enable rapid recovery in case of unauthorized modification
CVEs (2)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/f3d298d0-9a70-4eb7-861a-a7f4668e0484