CVE-2021-32980— Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-32980
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel
Source: NVD (National Vulnerability Database)
Vulnerability Description
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用候选路径或通道进行的认证绕过
Source: NVD (National Vulnerability Database)
Vulnerability Title
CLICK PLC CPU Modules 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CLICK PLC CPU Modules是Automation Direct的网络设备一个 CLICK CPU 模块最多可以连接 8 个 I/O 模块,以扩展系统 I/O 数量并满足特定应用的需要。 Automation Direct CLICK PLC CPU Modules 中存在授权问题漏洞,该漏洞源于固件不能防止额外的软件编程连接。攻击者可利用该漏洞可以在现有连接处于活动状态时连接到PLC。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Automation Direct | CLICK PLC CPU Modules: C0-1x CPUs | unspecified ~ 3.00 | - |
II. Public POCs for CVE-2021-32980
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-32980
请登录查看更多情报信息。
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2021-32980
Same Patch Batch · Automation Direct · 2022-04-04 · 5 CVEs total
| CVE-2021-32984 | 9.8 CRITICAL | Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or C |
| CVE-2021-32986 | 9.8 CRITICAL | Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or C |
| CVE-2021-32978 | 7.5 HIGH | Automation Direct CLICK PLC CPU Modules Plaintext Storage of a Password |
| CVE-2021-32982 | 7.5 HIGH | Automation Direct CLICK PLC CPU Modules Cleartext Transmission of Sensitive Information |
IV. Related Vulnerabilities
Same product: CLICK PLC CPU Modules: C0-1x CPUs
Same vendor: Automation Direct
Same weakness: CWE-288
- CVE-2026-41308
Password Pusher: JSON API `/p.json` file upload alias bypass - CVE-2026-7458
User Verification by PickPlugins <= 2.0.46 - Unauthenticated - CVE-2026-7567
Temporary Login <= 1.0.0 - Authentication Bypass to Account - CVE-2026-40022
Apache Camel Platform HTTP Main: Authentication Bypass on No - CVE-2026-40630
SenseLive X3050 Authentication bypass using an alternate pat
V. Comments for CVE-2021-32980
No comments yet