User Impersonation Vulnerability in Secure Project Management Software by Vendor X
CVE-2025-67652
6.1 MEDIUM
What is CVE-2025-67652?
A vulnerability exists in Vendor X's Secure Project Management Software that allows attackers with access to project files to leverage exposed credentials. This can facilitate user impersonation, privilege escalation, or unauthorized access to sensitive systems and services. The lack of adequate encryption and secure handling of user credentials further amplifies the risk of exploitation, increasing the potential for data breaches and unauthorized activities.
Affected Version(s)
CLICK Programmable Logic Controller C0-0x
CLICK Programmable Logic Controller C0-1x
CLICK Programmable Logic Controller C2-x
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dylan Chambers Bourgeois of Triskele Labs reported these vulnerabilities to CISA
