CVE-2025-67652

MEDIUM6.1

Description

An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the likelihood of this type of exploitation, leaving sensitive information more vulnerable.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Affected products

AutomationDirect / CLICK Programmable Logic ControllerC0-0x – C0-0x
AutomationDirect / CLICK Programmable Logic ControllerC0-1x – C0-1x
AutomationDirect / CLICK Programmable Logic ControllerC2-x – C2-x
AutomationDirect / CLICK Programmable Logic ControllerV3.90 – V3.90

References

VENDOR_ADVISORYhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-022-02
MISChttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-02.json