CVE-2025-55069

AutomationDirect CLICK PLUS Predictable Seed in Pseudo-Random Number Generator

CVSS 8.7 HIGHEPSS 0.3%CWE-337

A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the generated private keys.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Produtos afetados

AutomationDirect · CLICK PLUS C0-0x CPU firmware AutomationDirect · CLICK PLUS C0-1x CPU firmware AutomationDirect · CLICK PLUS C2-x CPU firmware

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.automationdirect.com/support/software-downloads https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01