Cleartext Storage Vulnerability in Click Programming Software by AutomationDirect
CVE-2025-54855

4.1MEDIUM

Key Information:

Vendor: Automationdirect
Status: Click Plus C0-0x Cpu Firmware; Click Plus C0-1x Cpu Firmware; Click Plus C2-x Cpu Firmware
Vendor: CVE Published:; 23 September 2025

🔔 Create Automationdirect Vulnerability Alert

What is CVE-2025-54855?

A vulnerability exists in Click Programming Software version 3.60, where sensitive information, including credentials, is stored in cleartext. This security issue can be exploited by local users who have access to the file system, posing a risk to data confidentiality if an administrator session is active. Proper measures should be taken to ensure sensitive information is encrypted and securely handled to mitigate risks associated with unauthorized access.

Affected Version(s)

CLICK PLUS C0-0x CPU firmware 0

CLICK PLUS C0-1x CPU firmware 0

CLICK PLUS C2-x CPU firmware 0

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-2...

https://www.automationdirect.com/support/software-downloads

CVSS V4

Score:

4.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2025
Vulnerability Reserved
Sep 16, 2025

Credit

Luca Borzacchiello and Diego Zaffaroni of Nozomi Networks reported these vulnerabilities to Automation Direct.

JSON