CVE-2025-55038
MEDIUM
AutomationDirect CLICK PLUS C0-0x C0-1x C2-x CPU firmware < 3.71 - Authenticated Authorization Bypass via KOPR Protocol
Title source: llm
Description
An authorization bypass vulnerability has been discovered in the Click Plus C2-03CPU2 device firmware version 3.60. Through the KOPR protocol utilized by the Remote PLC application, authenticated users with low-level access permissions can exploit this vulnerability to read and modify PLC variables beyond their intended authorization level.
References (2)
Core References
Various Sources
https://www.automationdirect.com/support/software-downloads
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01
Scores
CVSS v3
6.8
EPSS
0.0024
EPSS Percentile
14.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-862
Status
published
Products (3)
AutomationDirect/CLICK PLUS C0-0x CPU firmware
< v3.71
AutomationDirect/CLICK PLUS C0-1x CPU firmware
< v3.71
AutomationDirect/CLICK PLUS C2-x CPU firmware
< v3.71
Published
Sep 23, 2025
Tracked Since
Feb 18, 2026