Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

AutomationDirect — Vulnerabilities & Security Advisories 49

Browse all 49 CVE security advisories affecting AutomationDirect. AI-powered Chinese analysis, POCs, and references for each vulnerability.

AutomationDirect operates as a provider of industrial automation components, including programmable logic controllers, human-machine interfaces, and motion control systems, primarily serving manufacturing and process industries. Security assessments have identified forty-nine Common Vulnerabilities and Exposures (CVEs) associated with its product ecosystem, indicating a significant historical attack surface. The majority of these vulnerabilities stem from insecure default configurations, improper access control mechanisms, and cross-site scripting flaws within web-based management interfaces. While remote code execution incidents are less frequent, privilege escalation bugs have allowed unauthorized users to gain administrative access to critical control systems. Notably, the company has faced scrutiny regarding delayed patch cycles for legacy hardware, which remains widely deployed in operational technology environments. These findings highlight persistent challenges in securing embedded industrial devices, where maintaining backward compatibility often conflicts with implementing robust, modern security protocols.

Top products by AutomationDirect: P3-550E Productivity Suite CLICK PLUS C0-0x CPU firmware C-more EA9 C-MORE EA9 HMI EA9-T6CL DirectLOGIC D0-06 series CPUs DirectLogic H2-DM1E CLICK Programmable Logic Controller CLICK Programming Software (Part Number C0-PGMSW) SIO-MB04RTDS MB-Gateway
CVE IDTitleCVSSSeverityPublished
CVE-2025-25051 AutomationDirect CLICK Programmable Logic Controller Plaintext Storage of a Password — CLICK Programmable Logic ControllerCWE-256 6.1 Medium2026-01-22
CVE-2025-67652 AutomationDirect CLICK Programmable Logic Controller Weak Encoding for Password — CLICK Programmable Logic ControllerCWE-261 6.1 Medium2026-01-22
CVE-2025-60023 AutomationDirect Productivity Suite Relative Path Traversal — Productivity SuiteCWE-23 4.0 Medium2025-10-23
CVE-2025-59776 AutomationDirect Productivity Suite Relative Path Traversal — Productivity SuiteCWE-23 4.0 Medium2025-10-23
CVE-2025-58429 AutomationDirect Productivity Suite Relative Path Traversal — Productivity SuiteCWE-23 7.5 High2025-10-23
CVE-2025-58078 AutomationDirect Productivity Suite Relative Path Traversal — Productivity SuiteCWE-23 7.5 High2025-10-23
CVE-2025-58456 AutomationDirect Productivity Suite Relative Path Traversal — Productivity SuiteCWE-23 6.8 Medium2025-10-23
CVE-2025-61934 AutomationDirect Productivity Suite Binding to an Unrestricted IP Address CWE-1327 — Productivity SuiteCWE-1327 10.0 Critical2025-10-23
CVE-2025-62688 AutomationDirect Productivity Suite Incorrect Permission Assignment for Critical Resource — Productivity SuiteCWE-732 7.1 High2025-10-23
CVE-2025-61977 AutomationDirect Productivity Suite Weak Password Recovery Mechanism for Forgotten Password — Productivity SuiteCWE-640 7.0 High2025-10-23
CVE-2025-62498 AutomationDirect Productivity Suite Relative Path Traversal — Productivity SuiteCWE-23 8.8 High2025-10-23
CVE-2025-57882 AutomationDirect CLICK PLUS Improper Resource Shutdown or Release — CLICK PLUS C0-0x CPU firmwareCWE-404 5.9 Medium2025-09-23
CVE-2025-55038 AutomationDirect CLICK PLUS Missing Authorization — CLICK PLUS C0-0x CPU firmwareCWE-862 6.8 Medium2025-09-23
CVE-2025-58473 AutomationDirect CLICK PLUS Improper Resource Shutdown or Release — CLICK PLUS C0-0x CPU firmwareCWE-404 5.9 Medium2025-09-23
CVE-2025-55069 AutomationDirect CLICK PLUS Predictable Seed in Pseudo-Random Number Generator — CLICK PLUS C0-0x CPU firmwareCWE-337 8.3 High2025-09-23
CVE-2025-59484 AutomationDirect CLICK PLUS Use of a Broken or Risky Cryptographic Algorithm — CLICK PLUS C0-0x CPU firmwareCWE-327 8.3 High2025-09-23
CVE-2025-58069 AutomationDirect CLICK PLUS Use of Hard-coded Cryptographic Key — CLICK PLUS C0-0x CPU firmwareCWE-321 5.3 Medium2025-09-23
CVE-2025-54855 AutomationDirect CLICK PLUS Cleartext Storage of Sensitive Information — CLICK PLUS C0-0x CPU firmwareCWE-312 4.2 Medium2025-09-23
CVE-2025-36535 AutomationDirect MB-Gateway Missing Authentication for Critical Function — MB-GatewayCWE-306 10.0 Critical2025-05-21
CVE-2025-0960 AutomationDirect C-more EA9 HMI Classic Buffer Overflow — C-more EA9 HMI EA9-T6CLCWE-120 9.8 Critical2025-02-04
CVE-2024-11611 AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability — C-More EA9CWE-119 7.8 -2025-01-30
CVE-2024-11610 AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability — C-More EA9CWE-119 7.8 -2025-01-30
CVE-2024-11609 AutomationDirect C-More EA9 EAP9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability — C-More EA9CWE-121 7.8 -2025-01-30
CVE-2024-45368 AutomationDirect DirectLogic H2-DM1E Session Fixation — DirectLogic H2-DM1ECWE-384 8.8 High2024-09-13
CVE-2024-43099 AutomationDirect DirectLogic H2-DM1E Authentication Bypass by Capture-replay — DirectLogic H2-DM1ECWE-294 8.8 High2024-09-13
CVE-2024-24851 AutomationDirect P3-550E 安全漏洞 — P3-550ECWE-805 7.5 High2024-05-28
CVE-2024-24947 AutomationDirect P3-550E 缓冲区错误漏洞 — P3-550ECWE-787 8.2 High2024-05-28
CVE-2024-24946 AutomationDirect P3-550E 缓冲区错误漏洞 — P3-550ECWE-787 8.2 High2024-05-28
CVE-2024-24959 AutomationDirect P3-550E 缓冲区错误漏洞 — P3-550ECWE-787 8.2 High2024-05-28
CVE-2024-24956 AutomationDirect P3-550E 缓冲区错误漏洞 — P3-550ECWE-787 8.2 High2024-05-28

This page lists every published CVE security advisory associated with AutomationDirect. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.