Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-54855— AutomationDirect CLICK PLUS Cleartext Storage of Sensitive Information

CVSS 4.2 · Medium EPSS 0.01% · P0
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-54855

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
AutomationDirect CLICK PLUS Cleartext Storage of Sensitive Information
Source: NVD (National Vulnerability Database)
Vulnerability Description
Cleartext storage of sensitive information was discovered in Click Programming Software version v3.60. The vulnerability can be exploited by a local user with access to the file system, while an administrator session is active, to steal credentials stored in clear text.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
敏感数据的明文存储
Source: NVD (National Vulnerability Database)
Vulnerability Title
AutomationDirect CLICK PLUS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
AutomationDirect CLICK PLUS是美国AutomationDirect公司的一款小型可编程逻辑控制器。 AutomationDirect CLICK PLUS v3.60版本存在安全漏洞,该漏洞源于明文存储敏感信息,可能导致本地用户窃取凭据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
AutomationDirectCLICK PLUS C0-0x CPU firmware 0 ~ v3.71 -
AutomationDirectCLICK PLUS C0-1x CPU firmware 0 ~ v3.71 -
AutomationDirectCLICK PLUS C2-x CPU firmware 0 ~ v3.71 -

II. Public POCs for CVE-2025-54855

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-54855

登录查看更多情报信息。

Same Patch Batch · AutomationDirect · 2025-09-23 · 7 CVEs total

CVE-2025-550698.3 HIGHAutomationDirect CLICK PLUS Predictable Seed in Pseudo-Random Number Generator
CVE-2025-594848.3 HIGHAutomationDirect CLICK PLUS Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-550386.8 MEDIUMAutomationDirect CLICK PLUS Missing Authorization
CVE-2025-584735.9 MEDIUMAutomationDirect CLICK PLUS Improper Resource Shutdown or Release
CVE-2025-578825.9 MEDIUMAutomationDirect CLICK PLUS Improper Resource Shutdown or Release
CVE-2025-580695.3 MEDIUMAutomationDirect CLICK PLUS Use of Hard-coded Cryptographic Key

IV. Related Vulnerabilities

Same product: CLICK PLUS C0-0x CPU firmware
Same vendor: AutomationDirect
Same weakness: CWE-312

V. Comments for CVE-2025-54855

No comments yet

Leave a comment