Risky Cryptographic Algorithm in Click Plus PLC Firmware by AutomationDirect
CVE-2025-59484

8.7HIGH

Key Information:

Vendor: Automationdirect
Status: Click Plus C0-0x Cpu Firmware; Click Plus C0-1x Cpu Firmware; Click Plus C2-x Cpu Firmware
Vendor: CVE Published:; 23 September 2025

🔔 Create Automationdirect Vulnerability Alert

What is CVE-2025-59484?

A vulnerability has been identified in the firmware of Click Plus PLC by AutomationDirect, specifically in version 3.60, which employs a flawed implementation of the RSA encryption algorithm. This security flaw can be exploited by attackers, potentially allowing unauthorized access to sensitive data or systems that rely on this firmware. Organizations using this PLC product should take immediate actions to assess their security posture and implement recommended updates to mitigate the risks associated with this vulnerable cryptographic algorithm.

Affected Version(s)

CLICK PLUS C0-0x CPU firmware 0

CLICK PLUS C0-1x CPU firmware 0

CLICK PLUS C2-x CPU firmware 0

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-2...

https://www.automationdirect.com/support/software-downloads

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2025
Vulnerability Reserved
Sep 16, 2025

Credit

Luca Borzacchiello and Diego Zaffaroni of Nozomi Networks reported these vulnerabilities to Automation Direct.

JSON