Denial-of-Service Vulnerability in Click Plus C2-03CPU-2 Device by AutomationDirect
CVE-2025-57882

8.2HIGH

Key Information:

Vendor: Automationdirect
Status: Click Plus C0-0x Cpu Firmware; Click Plus C0-1x Cpu Firmware; Click Plus C2-x Cpu Firmware
Vendor: CVE Published:; 23 September 2025

🔔 Create Automationdirect Vulnerability Alert

What is CVE-2025-57882?

An identified vulnerability in the Click Plus C2-03CPU-2 device, operating on firmware version 3.60, allows unauthorized individuals to conduct a denial-of-service attack. This occurs due to improper shutdown or release of resources, which enables attackers to overwhelm the Remote PLC application's device sessions, potentially leading to service disruptions and operational challenges.

Affected Version(s)

CLICK PLUS C0-0x CPU firmware 0

CLICK PLUS C0-1x CPU firmware 0

CLICK PLUS C2-x CPU firmware 0

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-2...

https://www.automationdirect.com/support/software-downloads

CVSS V4

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2025
Vulnerability Reserved
Sep 16, 2025

Credit

Luca Borzacchiello and Diego Zaffaroni of Nozomi Networks reported these vulnerabilities to Automation Direct.

JSON