CVE-2025-59484

HIGH

Click Plus PLC <3.60 - Info Disclosure

Title source: llm

Description

The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm.

References (2)

[Various Sources] https://www.automationdirect.com/support/software-downloads

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01

Scores

CVSS v3 8.3

EPSS 0.0002

EPSS Percentile 3.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-327

Status published

Products (3)

AutomationDirect/CLICK PLUS C0-0x CPU firmware < v3.71

AutomationDirect/CLICK PLUS C0-1x CPU firmware < v3.71

AutomationDirect/CLICK PLUS C2-x CPU firmware < v3.71

Published Sep 23, 2025

Tracked Since Feb 18, 2026