CNNVD-202509-3635 Information

CNNVD ID

CNNVD-202509-3635

Related CVE

CVE-2025-58069

• CNNVD Published: 2025-09-23

Description (Chinese)

AutomationDirect CLICK PLUS是美国AutomationDirect公司的一款小型可编程逻辑控制器。 AutomationDirect CLICK PLUS 3.60版本存在安全漏洞，该漏洞源于固件中使用硬编码AES密钥保护KOPS会话初始消息，可能导致密钥泄露。

Description (English)

Automation Direct CLICK PLUS is a small programmable logic controller for Automation Direct in the United States. Security breach in version 3.60 of Automation Direct CLICK PLUS arises from the use of hard-coded AES keys to protect the initial KUPS session, which may lead to the release of the key.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

AutomationDirect

Published

2025-09-23

Last Modified

2026-02-24

References

https://www.automationdirect.com/support/software-downloads https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01

Patch

https://www.automationdirect.com/support/software-downloads