{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-25051","assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","state":"PUBLISHED","assignerShortName":"icscert","dateReserved":"2025-02-05T15:36:40.953Z","datePublished":"2026-01-22T22:21:17.674Z","dateUpdated":"2026-01-23T20:10:07.680Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"CLICK Programmable Logic Controller","vendor":"AutomationDirect","versions":[{"status":"affected","version":"C0-0x"},{"status":"affected","version":"C0-1x"},{"status":"affected","version":"C2-x"},{"status":"unaffected","version":"V3.90"}]}],"credits":[{"lang":"en","type":"finder","value":"Dylan Chambers Bourgeois of Triskele Labs reported these vulnerabilities to CISA"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An attacker could decrypt sensitive data, impersonate legitimate users \nor devices, and potentially gain access to network resources for lateral\n attacks."}],"value":"An attacker could decrypt sensitive data, impersonate legitimate users \nor devices, and potentially gain access to network resources for lateral\n attacks."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-256","description":"CWE-256","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2026-01-22T22:21:17.674Z"},"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-02"},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-02.json"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"AutomationDirect recommends that users update CLICK PLUS and firmware to V3.90.\n\n<br>"}],"value":"AutomationDirect recommends that users update CLICK PLUS and firmware to V3.90."}],"source":{"advisory":"ICSA-26-022-02","discovery":"EXTERNAL"},"title":"AutomationDirect CLICK Programmable Logic Controller Plaintext Storage of a Password","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>If the update cannot be applied right away, the following \ncompensating controls are recommended until the upgrade can be \nperformed:<br></p><ul><li>Network Isolation – Disconnect the \nCLICK PLUS PLC from external networks (e.g., the internet or corporate \nLAN) to reduce exposure.</li><li>Secure Communications – Use only trusted, dedicated internal networks or air-gapped systems for device communication.</li><li>Access Control – Restrict both physical and logical access to authorized personnel only.</li><li>Application Whitelisting – Configure \nwhitelisting so that only trusted, pre-approved applications are allowed\n to run. Block any unauthorized software.</li><li>Endpoint Protection – Use antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.</li><li>Logging &amp; Monitoring – Enable and regularly review system logs to detect suspicious or unauthorized activity.</li><li>Backup &amp; Recovery – Maintain \nsecure, tested backups of the PLC and its configurations to minimize \ndowntime in case of an incident.</li><li>Ongoing Risk Assessment – Continuously\n evaluate risks associated with running outdated firmware and adjust \ncompensating measures accordingly.</li></ul>\n\n\n\n\n\n\n\n\n\n<br>"}],"value":"If the update cannot be applied right away, the following \ncompensating controls are recommended until the upgrade can be \nperformed:\n\n\n  *  Network Isolation – Disconnect the \nCLICK PLUS PLC from external networks (e.g., the internet or corporate \nLAN) to reduce exposure.\n  *  Secure Communications – Use only trusted, dedicated internal networks or air-gapped systems for device communication.\n  *  Access Control – Restrict both physical and logical access to authorized personnel only.\n  *  Application Whitelisting – Configure \nwhitelisting so that only trusted, pre-approved applications are allowed\n to run. Block any unauthorized software.\n  *  Endpoint Protection – Use antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.\n  *  Logging & Monitoring – Enable and regularly review system logs to detect suspicious or unauthorized activity.\n  *  Backup & Recovery – Maintain \nsecure, tested backups of the PLC and its configurations to minimize \ndowntime in case of an incident.\n  *  Ongoing Risk Assessment – Continuously\n evaluate risks associated with running outdated firmware and adjust \ncompensating measures accordingly."}],"x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-23T20:09:56.650718Z","id":"CVE-2025-25051","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-23T20:10:07.680Z"}}]}}