CNNVD-202601-3936 Information

CNNVD ID

CNNVD-202601-3936

CVE-2025-67652

  • CNNVD Published: 2026-01-22

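Description (translated from Chinese)

AutomationDirect CLICK Programmable Logic Controller is a programmable logic controller from AutomationDirect, a US company. AutomationDirect CLICK Programmable Logic Controller contains a security vulnerability that stems from credentials being exposed in project files without strong encryption or a secure handling mechanism, which may allow an attacker to impersonate users, escalate privileges, or gain unauthorized access to systems and services.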

Description (English)

AutomationDirect CLICK Programmable Logic Controller is a programmable logic controller made by AutomationDirect, United States. The AutomationDirect CLICK Programmable Logic Controller has a security vulnerability caused by credentials exposed in project files that lack strong encryption or a secure handling mechanism, which could allow attackers to impersonate users, escalate privileges, or gain unauthorized access to systems and services.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

AutomationDirect

Published

2026-01-22

Last Modified

2026-02-24

References

  • https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-02.json
  • https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-02
  • https://access.redhat.com/security/cve/cve-2025-67652

Patch

https://www.automationdirect.com/adc/home/home
