Predictable Seed Vulnerability in Click Plus PLC Firmware by AutomationDirect
CVE-2025-55069

8.7HIGH

Key Information:

Vendor: Automationdirect
Status: Click Plus C0-0x Cpu Firmware; Click Plus C0-1x Cpu Firmware; Click Plus C2-x Cpu Firmware
Vendor: CVE Published:; 23 September 2025

🔔 Create Automationdirect Vulnerability Alert

What is CVE-2025-55069?

A vulnerability has been identified in the Click Plus PLC firmware version 3.60, where the pseudo-random number generator utilizes a predictable seed. This flaw undermines the generation of private keys, posing significant security risks. Attackers can exploit this behavior to gain unauthorized access or manipulate systems relying on these compromised keys. It is crucial for users and administrators to remain vigilant and update to more secure firmware versions as they become available.

Affected Version(s)

CLICK PLUS C0-0x CPU firmware 0

CLICK PLUS C0-1x CPU firmware 0

CLICK PLUS C2-x CPU firmware 0

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-2...

https://www.automationdirect.com/support/software-downloads

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2025
Vulnerability Reserved
Sep 16, 2025

Credit

Luca Borzacchiello and Diego Zaffaroni of Nozomi Networks reported these vulnerabilities to Automation Direct.

JSON