Adeen Ayub

**Name of the Vulnerable Software and Affected Versions** Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) (affected versions not specified) **Description** A Channel Accessible by Non-Endpoint issue could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Automation Direct CLICK PLC CPU Modules: C0-1x CPUs versions prior to v3.00 **Description** The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock the device. **Recommendations** For Automation Direct CLICK PLC CPU Modules: C0-1x CPUs versions prior to v3.00, update the firmware to version v3.00 or later to resolve the issue. As a temporary workaround, consider restricting access to the programming protocol to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Automation Direct CLICK PLC CPU Modules versions prior to v3.00 **Description** The issue allows an attacker to connect to the PLC while an existing connection is already active, due to insufficient protection against additional software programming connections. **Recommendations** For versions prior to v3.00, update the firmware to version v3.00 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Automation Direct CLICK PLC CPU Modules: C0-1x CPUs versions prior to v3.00 **Description** The issue allows an attacker to connect to the PLC and read the project without authorization during the time it is unlocked by an authorized user, resulting in a privilege escalation. This occurs because all programming connections receive the same unlocked privileges. **Recommendations** For Automation Direct CLICK PLC CPU Modules: C0-1x CPUs versions prior to v3.00, update the firmware to version v3.00 or later to resolve the issue. As a temporary workaround, consider restricting access to the PLC when it is unlocked by an authorized user to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Automation Direct CLICK PLC CPU Modules: C0-1x CPUs versions prior to v3.00 **Description** The issue arises when an authorized user unlocks the Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00. The unlocked state does not timeout, and if the programming software is interrupted, the PLC remains unlocked, allowing all subsequent programming connections without authorization. The PLC is only relocked by a power cycle or when the programming software disconnects correctly. **Recommendations** For versions prior to v3.00, update the firmware to v3.00 or later to resolve the issue. As a temporary workaround, consider performing a power cycle after each use of the programming software to ensure the PLC is relocked. Additionally, ensure the programming software disconnects correctly to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** Automation Direct CLICK PLC CPU Modules versions prior to v3.00 **Description** The issue concerns the transmission of passwords in plaintext during unlocking and project transfers for Automation Direct CLICK PLC CPU Modules. An attacker with network visibility can observe the password exchange. **Recommendations** For versions prior to v3.00, update the firmware to version v3.00 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Micro800 versions All MicroLogix 1400 versions 21 and later **Description** This issue allows an attacker to intercept and replace a legitimate new password hash with an illegitimate one during an authenticated password change request. This results in a denial-of-service condition, where the user can no longer authenticate to the controller. **Recommendations** For Micro800, to resolve the issue, update to a version that includes the fix for this problem, however, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For MicroLogix 1400 versions 21 and later, consider applying configuration changes or workarounds to minimize the risk of exploitation, however, at the moment, there is no information about a newer version that contains a fix for this vulnerability.