PT-2022-10172 · Automationdirect · Automation Direct Click Plc Cpu Modules

Adeen Ayub +2 · Published 2022-04-04 · Updated 2022-04-13 · CVE-2021-32978

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs versions prior to v3.00

Description

The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock the device.

Recommendations

For Automation Direct CLICK PLC CPU Modules: C0-1x CPUs versions prior to v3.00, update the firmware to version v3.00 or later to resolve the issue. As a temporary workaround, consider restricting access to the programming protocol to minimize the risk of exploitation.

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

CVE-2021-32978

Affected Products

Automation Direct Click Plc Cpu Modules