Critical Flaws in AutomationDirect CLICK PLCs Expose Industrial Systems to Attacks

AutomationDirect’s CLICK Programmable Logic Controllers (PLCs) are affected by two critical vulnerabilities—**CVE-2025-67652** and **CVE-2025-25051**—that allow attackers to impersonate users, escalate privileges, and decrypt sensitive data. While not remotely exploitable, these flaws pose significant risks to industrial environments. Users are urged to update to firmware **V3.90** or implement compensating controls immediately.

---
title: "Critical Flaws in AutomationDirect CLICK PLCs Expose Industrial Systems to Attacks"
short_title: "Critical vulnerabilities in AutomationDirect CLICK PLCs"
description: "Two medium-severity vulnerabilities in AutomationDirect CLICK PLCs enable attackers to impersonate users, decrypt data, and gain unauthorized access. Update to V3.90 now."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [plc, industrial-security, cve-2025-67652, cve-2025-25051, ot-security]
score: 0.78
cve_ids: [CVE-2025-67652, CVE-2025-25051]
---


Main Content

Industrial control systems (ICS) are the backbone of critical infrastructure, and their security is paramount to preventing disruptions in manufacturing, energy, and other vital sectors. Recently, AutomationDirect’s CLICK PLCs were found to contain two medium-severity vulnerabilities that could compromise the integrity and confidentiality of industrial operations. These flaws, if exploited, could enable attackers to gain unauthorized access, decrypt sensitive data, and impersonate legitimate users—posing a serious threat to operational technology (OT) environments.

Key Points


- Two vulnerabilities identified: CVE-2025-67652 (Weak Encoding for Password) and CVE-2025-25051 (Plaintext Storage of a Password) affect AutomationDirect CLICK PLCs.
- Exploitation risks: Attackers with access to project files can impersonate users, escalate privileges, and decrypt sensitive data.
- Affected systems: CLICK PLC models C0-0x, C0-1x, and C2-x running outdated firmware.
- Mitigation: Update to V3.90 or implement compensating controls like network isolation, access restrictions, and monitoring.
- No active exploitation reported: While no public exploitation has been observed, the risks remain high for unpatched systems.

---

Technical Details

#### CVE-2025-67652: Weak Encoding for Password
This vulnerability stems from the use of weak encoding mechanisms for storing passwords in project files. An attacker with access to these files can decode credentials and use them to:
- Impersonate legitimate users.
- Escalate privileges within the system.
- Gain unauthorized access to connected systems and services.

The absence of robust encryption or secure handling mechanisms exacerbates the risk, making sensitive information more vulnerable to exploitation.

#### CVE-2025-25051: Plaintext Storage of a Password
This flaw involves the plaintext storage of passwords, allowing attackers to:
- Decrypt sensitive data without requiring additional tools or techniques.
- Impersonate devices or users to gain access to network resources.
- Conduct lateral attacks within the network, potentially compromising additional systems.

Both vulnerabilities share a CVSS v3.1 base score of 6.1 (Medium severity) and are classified under:
- CWE-261 (Weak Encoding for Password) for CVE-2025-67652.
- CWE-256 (Plaintext Storage of a Password) for CVE-2025-25051.

---

Impact Assessment


The exploitation of these vulnerabilities could have severe consequences for industrial environments, including:
- Unauthorized access to critical systems, leading to operational disruptions.
- Data breaches involving sensitive industrial processes or proprietary information.
- Lateral movement within networks, enabling attackers to compromise additional assets.
- Compliance violations for organizations subject to regulatory frameworks like NIST, IEC 62443, or NERC CIP.

While these vulnerabilities are not exploitable remotely, their impact is amplified in environments where physical or logical access to PLCs is insufficiently restricted.

---

Mitigation Steps


AutomationDirect has released firmware V3.90 to address these vulnerabilities. Users are strongly advised to:
1. Update immediately: Apply the latest firmware (V3.90) to all affected CLICK PLCs.
2. Implement compensating controls if updates cannot be applied right away:
   - Network Isolation: Disconnect PLCs from external networks (e.g., internet or corporate LAN).
   - Secure Communications: Use trusted, dedicated internal networks or air-gapped systems.
   - Access Control: Restrict physical and logical access to authorized personnel only.
   - Application Whitelisting: Allow only pre-approved applications to run on connected systems.
   - Endpoint Protection: Deploy antivirus/EDR tools and configure host-based firewalls.
   - Logging & Monitoring: Enable and review system logs regularly to detect suspicious activity.
   - Backup & Recovery: Maintain secure, tested backups of PLC configurations and firmware.
   - Ongoing Risk Assessment: Continuously evaluate risks and adjust mitigations as needed.

---

Affected Systems


The following AutomationDirect CLICK PLC models are affected:
- C0-0x
- C0-1x
- C2-x
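
To turn the model list and the V3.90 fix into a patch worklist, the following added example (not code from AutomationDirect or the advisory) triages an asset inventory. The inventory records are constructed, and the script assumes firmware is recorded as `V<major>.<minor>` and that any affected model reporting a version earlier than V3.90 still needs the update.

```python
import re

FIXED = (3, 90)  # firmware V3.90, the fixed release named on this page
# Affected families from this page: C0-0x, C0-1x, C2-x ("x" = any suffix).
AFFECTED = re.compile(r"^(C0-0|C0-1|C2-)", re.IGNORECASE)
VERSION = re.compile(r"^[Vv]?(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor) from strings like 'V3.90', or None if unparseable."""
    m = VERSION.match(text.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None


def triage(inventory):
    """Classify each (asset, model, firmware) record.

    Returns a dict asset -> 'not-affected' | 'patched' | 'update' | 'verify'.
    'verify' means an affected model whose firmware string could not be read,
    which is treated as needing a manual check rather than assumed safe.
    """
    result = {}
    for asset, model, firmware in inventory:
        if not AFFECTED.match(model.strip()):
            result[asset] = "not-affected"
            continue
        version = parse_version(firmware)
        if version is None:
            result[asset] = "verify"
        elif version < FIXED:
            result[asset] = "update"
        else:
            result[asset] = "patched"
    return result


# Constructed sample inventory (asset names and firmware values are made up).
SAMPLE = [
    ("line1-plc", "C0-02DD1-D", "V3.41"),
    ("line2-plc", "C0-11DD1E-D", "v3.90"),
    ("pump-plc", "C2-03CPU", "unknown"),
    ("hmi-01", "EA9-T10CL", "6.73"),
    ("mixer-plc", "C2-01CPU", "2.60"),
]

if __name__ == "__main__":
    for asset, status in triage(SAMPLE).items():
        print(f"{asset:10} {status}")
```

Assets marked `update` or `verify` are the ones to keep under the compensating controls until V3.90 is confirmed on the device.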

---

Conclusion


The discovery of CVE-2025-67652 and CVE-2025-25051 in AutomationDirect CLICK PLCs underscores the critical importance of securing industrial control systems. While these vulnerabilities are not remotely exploitable, their potential impact on operational integrity and data confidentiality should not be underestimated. Organizations using affected PLCs must prioritize firmware updates and implement compensating controls to mitigate risks.

As industrial environments become increasingly interconnected, proactive cybersecurity measures—such as regular patching, network segmentation, and access controls—are essential to safeguarding critical infrastructure from evolving threats.

