CNNVD-202509-3633 Information

CNNVD ID

CNNVD-202509-3633

Related CVE

CVE-2025-55038

• CNNVD Published: 2025-09-23

Description (Chinese)

AutomationDirect CLICK PLUS是美国AutomationDirect公司的一款小型可编程逻辑控制器。 AutomationDirect CLICK PLUS 3.60版本存在安全漏洞，该漏洞源于KOPR协议授权不当，可能导致低权限用户越权读取和修改PLC变量。

Description (English)

Automation Direct CLICK PLUS is a small programmable logic controller for Automation Direct in the United States. There is a security loophole in Automotive Direct CLICK PLUS 3.60, which stems from the KOPR protocol ’ s inappropriate authorization, which may result in low-authority users overloading and modifying PLC variables.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

AutomationDirect

Published

2025-09-23

Last Modified

2026-02-24

References

https://www.automationdirect.com/support/software-downloads https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01

Patch

https://www.automationdirect.com/support/software-downloads