Search criteria
15 vulnerabilities found for c0-10dd2e-d_firmware by automationdirect
FKIE_CVE-2021-32982
Vulnerability from fkie_nvd - Published: 2022-04-04 20:15 - Updated: 2024-11-21 06:08
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10dd1e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "809BA584-F893-4DE1-ABFF-159EEAA358FF",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10dd1e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A81E6705-D033-4024-8FA5-3B8126BA99DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10dd2e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D135DAD-1CC9-4489-A0A1-4A9B08F5BA5B",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10dd2e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F590AF4-E9CB-4C9A-B1A9-6181FBC81336",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10dre-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D76AFBCC-2260-4E5D-8534-D7157A8B363A",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10dre-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F690E38A-3290-4331-BCE0-0EC147805556",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10are-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEF7DCB-3CF4-4A64-971F-C0287E294CBA",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10are-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7D9142-7F82-4E45-A306-4A899E3ABF4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11dd1e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F949EF9C-5F50-4D10-8D25-D0C56657C0D1",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11dd1e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97209878-20DD-4121-A1D5-A4D96911FEE7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11dd2e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "335D4844-DE34-4806-9B76-E2B4AD91DA96",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11dd2e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E60966AB-7ACE-42EC-AEC6-8CDC05598916",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11dre-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A5E2F8-C024-4DCC-923A-983379B0A645",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11dre-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2E6605-6623-47CF-8632-10BDF2793189",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11are-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C026105-7051-4F16-BC05-3AC15AA18506",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11are-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13C86840-19DF-4F2F-B2AC-ECC37D915E76",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7DFCF51-8057-46B0-9692-691D8190EC8A",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0341C73-C0B9-4FAD-B254-BF2B9899C4E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A77D3278-58CD-4715-851A-BD4298C1EBD4",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7942D90E-3014-4802-89EE-1CA9708A92D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dre-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16FA238D-3252-4207-BCB0-17E2E53A6A4B",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dre-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "345CC4B9-6EE6-4B0B-87A6-941F7A581191",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12are-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6974892E-A4BD-4D1A-B029-763FA5EC1458",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12are-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A273D864-AE1A-411C-BBD7-4907DD8B349E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D2CC279-840B-4688-B981-11CEC476BEB9",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3F7FA9-A7D4-499E-8C52-155FB93E6522",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A25805A-F49D-4305-8108-F4D509304213",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "464C9AF0-BA89-4989-BE03-D0C30B3BEFFA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dre-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBC8833-C0B8-4D23-A1D2-55FAFAA48BA7",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dre-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6415993D-A15E-4295-B151-8388550156A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12are-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8121DA90-D68C-46B6-9B8B-468F3F5E7CAA",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12are-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B04C302C-DB3D-4B3B-BE7C-5AD621AEF02A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79E1F884-FA09-45E7-BFC0-F7482EA5A8BA",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D366-AD0C-4D78-91EF-67F205550820",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F74838CA-C58B-427F-9429-080D8CE5217E",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F5F7E6-34EA-44A9-B26D-C8B7E281FB31",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dre-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3184B1-9DDE-4661-A225-AB32D81A84A8",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dre-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AA4EA2B-77A8-4852-A84D-FB8B67F64393",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12are-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BADBAD-0F6B-4CE4-BFB6-9018BDE278BC",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12are-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00066AE3-08DF-4CCC-97A6-A4D8A4BC40F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange."
},
{
"lang": "es",
"value": "M\u00f3dulos de CPU de PLC CLICK de Automation Direct: CPUs C0-1x con versiones de firmware anteriores a v3.00, las contrase\u00f1as son enviadas como texto plano durante el desbloqueo y las transferencias de proyectos. Un atacante que tenga visibilidad de la red puede observar el intercambio de contrase\u00f1as"
}
],
"id": "CVE-2021-32982",
"lastModified": "2024-11-21T06:08:03.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-04T20:15:09.047",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-32986
Vulnerability from fkie_nvd - Published: 2022-04-04 20:15 - Updated: 2024-11-21 06:08
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10dd1e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "809BA584-F893-4DE1-ABFF-159EEAA358FF",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10dd1e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A81E6705-D033-4024-8FA5-3B8126BA99DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10dd2e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D135DAD-1CC9-4489-A0A1-4A9B08F5BA5B",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10dd2e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F590AF4-E9CB-4C9A-B1A9-6181FBC81336",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10dre-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D76AFBCC-2260-4E5D-8534-D7157A8B363A",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10dre-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F690E38A-3290-4331-BCE0-0EC147805556",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10are-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEF7DCB-3CF4-4A64-971F-C0287E294CBA",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10are-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7D9142-7F82-4E45-A306-4A899E3ABF4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11dd1e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F949EF9C-5F50-4D10-8D25-D0C56657C0D1",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11dd1e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97209878-20DD-4121-A1D5-A4D96911FEE7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11dd2e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "335D4844-DE34-4806-9B76-E2B4AD91DA96",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11dd2e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E60966AB-7ACE-42EC-AEC6-8CDC05598916",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11dre-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A5E2F8-C024-4DCC-923A-983379B0A645",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11dre-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2E6605-6623-47CF-8632-10BDF2793189",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11are-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C026105-7051-4F16-BC05-3AC15AA18506",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11are-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13C86840-19DF-4F2F-B2AC-ECC37D915E76",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7DFCF51-8057-46B0-9692-691D8190EC8A",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0341C73-C0B9-4FAD-B254-BF2B9899C4E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A77D3278-58CD-4715-851A-BD4298C1EBD4",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7942D90E-3014-4802-89EE-1CA9708A92D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dre-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16FA238D-3252-4207-BCB0-17E2E53A6A4B",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dre-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "345CC4B9-6EE6-4B0B-87A6-941F7A581191",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12are-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6974892E-A4BD-4D1A-B029-763FA5EC1458",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12are-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A273D864-AE1A-411C-BBD7-4907DD8B349E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D2CC279-840B-4688-B981-11CEC476BEB9",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3F7FA9-A7D4-499E-8C52-155FB93E6522",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A25805A-F49D-4305-8108-F4D509304213",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "464C9AF0-BA89-4989-BE03-D0C30B3BEFFA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dre-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBC8833-C0B8-4D23-A1D2-55FAFAA48BA7",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dre-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6415993D-A15E-4295-B151-8388550156A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12are-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8121DA90-D68C-46B6-9B8B-468F3F5E7CAA",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12are-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B04C302C-DB3D-4B3B-BE7C-5AD621AEF02A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79E1F884-FA09-45E7-BFC0-F7482EA5A8BA",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D366-AD0C-4D78-91EF-67F205550820",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F74838CA-C58B-427F-9429-080D8CE5217E",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F5F7E6-34EA-44A9-B26D-C8B7E281FB31",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dre-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3184B1-9DDE-4661-A225-AB32D81A84A8",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dre-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AA4EA2B-77A8-4852-A84D-FB8B67F64393",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12are-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BADBAD-0F6B-4CE4-BFB6-9018BDE278BC",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12are-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00066AE3-08DF-4CCC-97A6-A4D8A4BC40F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly."
},
{
"lang": "es",
"value": "Despu\u00e9s de los m\u00f3dulos de CPU del PLC CLICK de Automation Direct: C0-1x con versiones de firmware anteriores a v3.00, son desbloqueados por un usuario autorizado, el estado de desbloqueo no es agotado. Si el software de programaci\u00f3n es interrumpido, el PLC permanece desbloqueado. Todas las conexiones de programaci\u00f3n posteriores son permitidas sin autorizaci\u00f3n. El PLC s\u00f3lo es vuelto a bloquear por un ciclo de energ\u00eda, o cuando el software de programaci\u00f3n es desconectado correctamente"
}
],
"id": "CVE-2021-32986",
"lastModified": "2024-11-21T06:08:04.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-04T20:15:09.207",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-288"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-32984
Vulnerability from fkie_nvd - Published: 2022-04-04 20:15 - Updated: 2024-11-21 06:08
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project without authorization.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10dd1e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "809BA584-F893-4DE1-ABFF-159EEAA358FF",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10dd1e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A81E6705-D033-4024-8FA5-3B8126BA99DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10dd2e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D135DAD-1CC9-4489-A0A1-4A9B08F5BA5B",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10dd2e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F590AF4-E9CB-4C9A-B1A9-6181FBC81336",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10dre-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D76AFBCC-2260-4E5D-8534-D7157A8B363A",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10dre-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F690E38A-3290-4331-BCE0-0EC147805556",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10are-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEF7DCB-3CF4-4A64-971F-C0287E294CBA",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10are-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7D9142-7F82-4E45-A306-4A899E3ABF4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11dd1e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F949EF9C-5F50-4D10-8D25-D0C56657C0D1",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11dd1e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97209878-20DD-4121-A1D5-A4D96911FEE7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11dd2e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "335D4844-DE34-4806-9B76-E2B4AD91DA96",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11dd2e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E60966AB-7ACE-42EC-AEC6-8CDC05598916",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11dre-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A5E2F8-C024-4DCC-923A-983379B0A645",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11dre-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2E6605-6623-47CF-8632-10BDF2793189",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11are-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C026105-7051-4F16-BC05-3AC15AA18506",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11are-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13C86840-19DF-4F2F-B2AC-ECC37D915E76",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7DFCF51-8057-46B0-9692-691D8190EC8A",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0341C73-C0B9-4FAD-B254-BF2B9899C4E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A77D3278-58CD-4715-851A-BD4298C1EBD4",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7942D90E-3014-4802-89EE-1CA9708A92D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dre-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16FA238D-3252-4207-BCB0-17E2E53A6A4B",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dre-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "345CC4B9-6EE6-4B0B-87A6-941F7A581191",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12are-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6974892E-A4BD-4D1A-B029-763FA5EC1458",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12are-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A273D864-AE1A-411C-BBD7-4907DD8B349E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D2CC279-840B-4688-B981-11CEC476BEB9",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3F7FA9-A7D4-499E-8C52-155FB93E6522",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A25805A-F49D-4305-8108-F4D509304213",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "464C9AF0-BA89-4989-BE03-D0C30B3BEFFA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dre-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBC8833-C0B8-4D23-A1D2-55FAFAA48BA7",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dre-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6415993D-A15E-4295-B151-8388550156A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12are-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8121DA90-D68C-46B6-9B8B-468F3F5E7CAA",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12are-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B04C302C-DB3D-4B3B-BE7C-5AD621AEF02A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79E1F884-FA09-45E7-BFC0-F7482EA5A8BA",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D366-AD0C-4D78-91EF-67F205550820",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F74838CA-C58B-427F-9429-080D8CE5217E",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F5F7E6-34EA-44A9-B26D-C8B7E281FB31",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dre-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3184B1-9DDE-4661-A225-AB32D81A84A8",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dre-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AA4EA2B-77A8-4852-A84D-FB8B67F64393",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12are-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BADBAD-0F6B-4CE4-BFB6-9018BDE278BC",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12are-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00066AE3-08DF-4CCC-97A6-A4D8A4BC40F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project without authorization."
},
{
"lang": "es",
"value": "Todas las conexiones de programaci\u00f3n reciben los mismos privilegios desbloqueados, lo que puede resultar en una escalada de privilegios. Durante el tiempo que los M\u00f3dulos de CPU de PLC CLICK de Automation Direct: CPUs C0-1x con versiones de firmware anteriores a v3.00, es desbloqueado por un usuario autorizado, un atacante puede conectarse al PLC y leer el proyecto sin autorizaci\u00f3n"
}
],
"id": "CVE-2021-32984",
"lastModified": "2024-11-21T06:08:03.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-04T20:15:09.100",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-288"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-32978
Vulnerability from fkie_nvd - Published: 2022-04-04 20:15 - Updated: 2024-11-21 06:08
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10dd1e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "809BA584-F893-4DE1-ABFF-159EEAA358FF",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10dd1e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A81E6705-D033-4024-8FA5-3B8126BA99DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10dd2e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D135DAD-1CC9-4489-A0A1-4A9B08F5BA5B",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10dd2e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F590AF4-E9CB-4C9A-B1A9-6181FBC81336",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10dre-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D76AFBCC-2260-4E5D-8534-D7157A8B363A",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10dre-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F690E38A-3290-4331-BCE0-0EC147805556",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10are-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEF7DCB-3CF4-4A64-971F-C0287E294CBA",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10are-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7D9142-7F82-4E45-A306-4A899E3ABF4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11dd1e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F949EF9C-5F50-4D10-8D25-D0C56657C0D1",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11dd1e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97209878-20DD-4121-A1D5-A4D96911FEE7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11dd2e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "335D4844-DE34-4806-9B76-E2B4AD91DA96",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11dd2e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E60966AB-7ACE-42EC-AEC6-8CDC05598916",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11dre-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A5E2F8-C024-4DCC-923A-983379B0A645",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11dre-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2E6605-6623-47CF-8632-10BDF2793189",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11are-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C026105-7051-4F16-BC05-3AC15AA18506",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11are-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13C86840-19DF-4F2F-B2AC-ECC37D915E76",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7DFCF51-8057-46B0-9692-691D8190EC8A",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0341C73-C0B9-4FAD-B254-BF2B9899C4E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A77D3278-58CD-4715-851A-BD4298C1EBD4",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7942D90E-3014-4802-89EE-1CA9708A92D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dre-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16FA238D-3252-4207-BCB0-17E2E53A6A4B",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dre-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "345CC4B9-6EE6-4B0B-87A6-941F7A581191",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12are-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6974892E-A4BD-4D1A-B029-763FA5EC1458",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12are-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A273D864-AE1A-411C-BBD7-4907DD8B349E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D2CC279-840B-4688-B981-11CEC476BEB9",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3F7FA9-A7D4-499E-8C52-155FB93E6522",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A25805A-F49D-4305-8108-F4D509304213",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "464C9AF0-BA89-4989-BE03-D0C30B3BEFFA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dre-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBC8833-C0B8-4D23-A1D2-55FAFAA48BA7",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dre-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6415993D-A15E-4295-B151-8388550156A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12are-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8121DA90-D68C-46B6-9B8B-468F3F5E7CAA",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12are-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B04C302C-DB3D-4B3B-BE7C-5AD621AEF02A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79E1F884-FA09-45E7-BFC0-F7482EA5A8BA",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D366-AD0C-4D78-91EF-67F205550820",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F74838CA-C58B-427F-9429-080D8CE5217E",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F5F7E6-34EA-44A9-B26D-C8B7E281FB31",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dre-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3184B1-9DDE-4661-A225-AB32D81A84A8",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dre-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AA4EA2B-77A8-4852-A84D-FB8B67F64393",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12are-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BADBAD-0F6B-4CE4-BFB6-9018BDE278BC",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12are-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00066AE3-08DF-4CCC-97A6-A4D8A4BC40F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00."
},
{
"lang": "es",
"value": "El protocolo de programaci\u00f3n permite que un atacante lea la contrase\u00f1a introducida previamente y el estado de bloqueo. Si la contrase\u00f1a introducida previamente fue satisfactoria, el atacante puede usar la contrase\u00f1a para desbloquear los m\u00f3dulos de CPU del PLC de Automation Direct CLICK: CPUs C0-1x con versiones de firmware anteriores a v3.00"
}
],
"id": "CVE-2021-32978",
"lastModified": "2024-11-21T06:08:02.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-04T20:15:08.880",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-256"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-32980
Vulnerability from fkie_nvd - Published: 2022-04-04 20:15 - Updated: 2024-11-21 06:08
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10dd1e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "809BA584-F893-4DE1-ABFF-159EEAA358FF",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10dd1e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A81E6705-D033-4024-8FA5-3B8126BA99DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10dd2e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D135DAD-1CC9-4489-A0A1-4A9B08F5BA5B",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10dd2e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F590AF4-E9CB-4C9A-B1A9-6181FBC81336",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10dre-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D76AFBCC-2260-4E5D-8534-D7157A8B363A",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10dre-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F690E38A-3290-4331-BCE0-0EC147805556",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10are-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEF7DCB-3CF4-4A64-971F-C0287E294CBA",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10are-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7D9142-7F82-4E45-A306-4A899E3ABF4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11dd1e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F949EF9C-5F50-4D10-8D25-D0C56657C0D1",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11dd1e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97209878-20DD-4121-A1D5-A4D96911FEE7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11dd2e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "335D4844-DE34-4806-9B76-E2B4AD91DA96",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11dd2e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E60966AB-7ACE-42EC-AEC6-8CDC05598916",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11dre-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A5E2F8-C024-4DCC-923A-983379B0A645",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11dre-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2E6605-6623-47CF-8632-10BDF2793189",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11are-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C026105-7051-4F16-BC05-3AC15AA18506",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11are-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13C86840-19DF-4F2F-B2AC-ECC37D915E76",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7DFCF51-8057-46B0-9692-691D8190EC8A",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0341C73-C0B9-4FAD-B254-BF2B9899C4E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A77D3278-58CD-4715-851A-BD4298C1EBD4",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7942D90E-3014-4802-89EE-1CA9708A92D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dre-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16FA238D-3252-4207-BCB0-17E2E53A6A4B",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dre-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "345CC4B9-6EE6-4B0B-87A6-941F7A581191",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12are-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6974892E-A4BD-4D1A-B029-763FA5EC1458",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12are-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A273D864-AE1A-411C-BBD7-4907DD8B349E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D2CC279-840B-4688-B981-11CEC476BEB9",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3F7FA9-A7D4-499E-8C52-155FB93E6522",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A25805A-F49D-4305-8108-F4D509304213",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "464C9AF0-BA89-4989-BE03-D0C30B3BEFFA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dre-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBC8833-C0B8-4D23-A1D2-55FAFAA48BA7",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dre-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6415993D-A15E-4295-B151-8388550156A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12are-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8121DA90-D68C-46B6-9B8B-468F3F5E7CAA",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12are-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B04C302C-DB3D-4B3B-BE7C-5AD621AEF02A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79E1F884-FA09-45E7-BFC0-F7482EA5A8BA",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D366-AD0C-4D78-91EF-67F205550820",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F74838CA-C58B-427F-9429-080D8CE5217E",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F5F7E6-34EA-44A9-B26D-C8B7E281FB31",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dre-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3184B1-9DDE-4661-A225-AB32D81A84A8",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dre-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AA4EA2B-77A8-4852-A84D-FB8B67F64393",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12are-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BADBAD-0F6B-4CE4-BFB6-9018BDE278BC",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12are-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00066AE3-08DF-4CCC-97A6-A4D8A4BC40F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active."
},
{
"lang": "es",
"value": "M\u00f3dulos de CPU del PLC CLICK de Automation Direct: Las CPUs C0-1x con firmware versiones anteriores a v3.00, no protegen contra conexiones de programaci\u00f3n de software adicionales. Un atacante puede conectarse al PLC mientras una conexi\u00f3n presente ya est\u00e1 activa"
}
],
"id": "CVE-2021-32980",
"lastModified": "2024-11-21T06:08:03.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-04T20:15:08.940",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-288"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-32982 (GCVE-0-2021-32982)
Vulnerability from cvelistv5 – Published: 2022-04-04 19:45 – Updated: 2025-04-16 16:31
VLAI?
Title
Automation Direct CLICK PLC CPU Modules Cleartext Transmission of Sensitive Information
Summary
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange.
Severity ?
7.5 (High)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Automation Direct | CLICK PLC CPU Modules: C0-1x CPUs |
Affected:
unspecified , < 3.00
(custom)
|
Credits
Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:19.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-32982",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:57:48.356045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:31:26.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CLICK PLC CPU Modules: C0-1x CPUs",
"vendor": "Automation Direct",
"versions": [
{
"lessThan": "3.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."
}
],
"descriptions": [
{
"lang": "en",
"value": "Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T19:45:57.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."
}
],
"source": {
"advisory": "ICSA-21-166-02",
"discovery": "EXTERNAL"
},
"title": "Automation Direct CLICK PLC CPU Modules Cleartext Transmission of Sensitive Information",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-32982",
"STATE": "PUBLIC",
"TITLE": "Automation Direct CLICK PLC CPU Modules Cleartext Transmission of Sensitive Information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CLICK PLC CPU Modules: C0-1x CPUs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.00"
}
]
}
}
]
},
"vendor_name": "Automation Direct"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."
}
],
"source": {
"advisory": "ICSA-21-166-02",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-32982",
"datePublished": "2022-04-04T19:45:57.000Z",
"dateReserved": "2021-05-13T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:31:26.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32986 (GCVE-0-2021-32986)
Vulnerability from cvelistv5 – Published: 2022-04-04 19:45 – Updated: 2025-04-16 16:31
VLAI?
Title
Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel
Summary
After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly.
Severity ?
9.8 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Automation Direct | CLICK PLC CPU Modules: C0-1x CPUs |
Affected:
unspecified , < 3.00
(custom)
|
Credits
Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:19.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-32986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:56:15.348434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:31:33.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CLICK PLC CPU Modules: C0-1x CPUs",
"vendor": "Automation Direct",
"versions": [
{
"lessThan": "3.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."
}
],
"descriptions": [
{
"lang": "en",
"value": "After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T19:45:56.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."
}
],
"source": {
"advisory": "ICSA-21-166-02",
"discovery": "EXTERNAL"
},
"title": "Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-32986",
"STATE": "PUBLIC",
"TITLE": "Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CLICK PLC CPU Modules: C0-1x CPUs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.00"
}
]
}
}
]
},
"vendor_name": "Automation Direct"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."
}
],
"source": {
"advisory": "ICSA-21-166-02",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-32986",
"datePublished": "2022-04-04T19:45:56.000Z",
"dateReserved": "2021-05-13T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:31:33.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32984 (GCVE-0-2021-32984)
Vulnerability from cvelistv5 – Published: 2022-04-04 19:45 – Updated: 2025-04-16 16:31
VLAI?
Title
Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel
Summary
All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project without authorization.
Severity ?
9.8 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Automation Direct | CLICK PLC CPU Modules: C0-1x CPUs |
Affected:
unspecified , < 3.00
(custom)
|
Credits
Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:19.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-32984",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:56:19.421509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:31:41.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CLICK PLC CPU Modules: C0-1x CPUs",
"vendor": "Automation Direct",
"versions": [
{
"lessThan": "3.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."
}
],
"descriptions": [
{
"lang": "en",
"value": "All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project without authorization."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T19:45:55.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."
}
],
"source": {
"advisory": "ICSA-21-166-02",
"discovery": "EXTERNAL"
},
"title": "Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-32984",
"STATE": "PUBLIC",
"TITLE": "Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CLICK PLC CPU Modules: C0-1x CPUs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.00"
}
]
}
}
]
},
"vendor_name": "Automation Direct"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project without authorization."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."
}
],
"source": {
"advisory": "ICSA-21-166-02",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-32984",
"datePublished": "2022-04-04T19:45:55.000Z",
"dateReserved": "2021-05-13T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:31:41.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32978 (GCVE-0-2021-32978)
Vulnerability from cvelistv5 – Published: 2022-04-04 19:45 – Updated: 2025-04-16 16:31
VLAI?
Title
Automation Direct CLICK PLC CPU Modules Plaintext Storage of a Password
Summary
The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00.
Severity ?
7.5 (High)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Automation Direct | CLICK PLC CPU Modules: C0-1x CPUs |
Affected:
unspecified , < 3.00
(custom)
|
Credits
Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:56.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-32978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:57:51.350434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:31:49.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CLICK PLC CPU Modules: C0-1x CPUs",
"vendor": "Automation Direct",
"versions": [
{
"lessThan": "3.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."
}
],
"descriptions": [
{
"lang": "en",
"value": "The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256: Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T19:45:53.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Automation Direct CLICK PLC CPU Modules Plaintext Storage of a Password",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-32978",
"STATE": "PUBLIC",
"TITLE": "Automation Direct CLICK PLC CPU Modules Plaintext Storage of a Password"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CLICK PLC CPU Modules: C0-1x CPUs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.00"
}
]
}
}
]
},
"vendor_name": "Automation Direct"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256: Plaintext Storage of a Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-32978",
"datePublished": "2022-04-04T19:45:53.000Z",
"dateReserved": "2021-05-13T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:31:49.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32980 (GCVE-0-2021-32980)
Vulnerability from cvelistv5 – Published: 2022-04-04 19:45 – Updated: 2025-04-16 16:31
VLAI?
Title
Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel
Summary
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active.
Severity ?
9.8 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Automation Direct | CLICK PLC CPU Modules: C0-1x CPUs |
Affected:
unspecified , < 3.00
(custom)
|
Credits
Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:56.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-32980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:56:22.876280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:31:57.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CLICK PLC CPU Modules: C0-1x CPUs",
"vendor": "Automation Direct",
"versions": [
{
"lessThan": "3.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."
}
],
"descriptions": [
{
"lang": "en",
"value": "Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T19:45:52.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."
}
],
"source": {
"advisory": "ICSA-21-166-02",
"discovery": "EXTERNAL"
},
"title": "Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-32980",
"STATE": "PUBLIC",
"TITLE": "Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CLICK PLC CPU Modules: C0-1x CPUs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.00"
}
]
}
}
]
},
"vendor_name": "Automation Direct"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."
}
],
"source": {
"advisory": "ICSA-21-166-02",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-32980",
"datePublished": "2022-04-04T19:45:52.000Z",
"dateReserved": "2021-05-13T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:31:57.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32982 (GCVE-0-2021-32982)
Vulnerability from nvd – Published: 2022-04-04 19:45 – Updated: 2025-04-16 16:31
VLAI?
Title
Automation Direct CLICK PLC CPU Modules Cleartext Transmission of Sensitive Information
Summary
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange.
Severity ?
7.5 (High)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Automation Direct | CLICK PLC CPU Modules: C0-1x CPUs |
Affected:
unspecified , < 3.00
(custom)
|
Credits
Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:19.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-32982",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:57:48.356045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:31:26.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CLICK PLC CPU Modules: C0-1x CPUs",
"vendor": "Automation Direct",
"versions": [
{
"lessThan": "3.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."
}
],
"descriptions": [
{
"lang": "en",
"value": "Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T19:45:57.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."
}
],
"source": {
"advisory": "ICSA-21-166-02",
"discovery": "EXTERNAL"
},
"title": "Automation Direct CLICK PLC CPU Modules Cleartext Transmission of Sensitive Information",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-32982",
"STATE": "PUBLIC",
"TITLE": "Automation Direct CLICK PLC CPU Modules Cleartext Transmission of Sensitive Information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CLICK PLC CPU Modules: C0-1x CPUs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.00"
}
]
}
}
]
},
"vendor_name": "Automation Direct"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."
}
],
"source": {
"advisory": "ICSA-21-166-02",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-32982",
"datePublished": "2022-04-04T19:45:57.000Z",
"dateReserved": "2021-05-13T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:31:26.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32986 (GCVE-0-2021-32986)
Vulnerability from nvd – Published: 2022-04-04 19:45 – Updated: 2025-04-16 16:31
VLAI?
Title
Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel
Summary
After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly.
Severity ?
9.8 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Automation Direct | CLICK PLC CPU Modules: C0-1x CPUs |
Affected:
unspecified , < 3.00
(custom)
|
Credits
Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:19.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-32986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:56:15.348434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:31:33.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CLICK PLC CPU Modules: C0-1x CPUs",
"vendor": "Automation Direct",
"versions": [
{
"lessThan": "3.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."
}
],
"descriptions": [
{
"lang": "en",
"value": "After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T19:45:56.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."
}
],
"source": {
"advisory": "ICSA-21-166-02",
"discovery": "EXTERNAL"
},
"title": "Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-32986",
"STATE": "PUBLIC",
"TITLE": "Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CLICK PLC CPU Modules: C0-1x CPUs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.00"
}
]
}
}
]
},
"vendor_name": "Automation Direct"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."
}
],
"source": {
"advisory": "ICSA-21-166-02",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-32986",
"datePublished": "2022-04-04T19:45:56.000Z",
"dateReserved": "2021-05-13T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:31:33.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32984 (GCVE-0-2021-32984)
Vulnerability from nvd – Published: 2022-04-04 19:45 – Updated: 2025-04-16 16:31
VLAI?
Title
Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel
Summary
All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project without authorization.
Severity ?
9.8 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Automation Direct | CLICK PLC CPU Modules: C0-1x CPUs |
Affected:
unspecified , < 3.00
(custom)
|
Credits
Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:19.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-32984",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:56:19.421509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:31:41.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CLICK PLC CPU Modules: C0-1x CPUs",
"vendor": "Automation Direct",
"versions": [
{
"lessThan": "3.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."
}
],
"descriptions": [
{
"lang": "en",
"value": "All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project without authorization."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T19:45:55.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."
}
],
"source": {
"advisory": "ICSA-21-166-02",
"discovery": "EXTERNAL"
},
"title": "Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-32984",
"STATE": "PUBLIC",
"TITLE": "Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CLICK PLC CPU Modules: C0-1x CPUs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.00"
}
]
}
}
]
},
"vendor_name": "Automation Direct"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project without authorization."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."
}
],
"source": {
"advisory": "ICSA-21-166-02",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-32984",
"datePublished": "2022-04-04T19:45:55.000Z",
"dateReserved": "2021-05-13T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:31:41.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32978 (GCVE-0-2021-32978)
Vulnerability from nvd – Published: 2022-04-04 19:45 – Updated: 2025-04-16 16:31
VLAI?
Title
Automation Direct CLICK PLC CPU Modules Plaintext Storage of a Password
Summary
The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00.
Severity ?
7.5 (High)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Automation Direct | CLICK PLC CPU Modules: C0-1x CPUs |
Affected:
unspecified , < 3.00
(custom)
|
Credits
Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:56.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-32978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:57:51.350434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:31:49.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CLICK PLC CPU Modules: C0-1x CPUs",
"vendor": "Automation Direct",
"versions": [
{
"lessThan": "3.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."
}
],
"descriptions": [
{
"lang": "en",
"value": "The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256: Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T19:45:53.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Automation Direct CLICK PLC CPU Modules Plaintext Storage of a Password",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-32978",
"STATE": "PUBLIC",
"TITLE": "Automation Direct CLICK PLC CPU Modules Plaintext Storage of a Password"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CLICK PLC CPU Modules: C0-1x CPUs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.00"
}
]
}
}
]
},
"vendor_name": "Automation Direct"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256: Plaintext Storage of a Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-32978",
"datePublished": "2022-04-04T19:45:53.000Z",
"dateReserved": "2021-05-13T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:31:49.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32980 (GCVE-0-2021-32980)
Vulnerability from nvd – Published: 2022-04-04 19:45 – Updated: 2025-04-16 16:31
VLAI?
Title
Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel
Summary
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active.
Severity ?
9.8 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Automation Direct | CLICK PLC CPU Modules: C0-1x CPUs |
Affected:
unspecified , < 3.00
(custom)
|
Credits
Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:56.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-32980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:56:22.876280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:31:57.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CLICK PLC CPU Modules: C0-1x CPUs",
"vendor": "Automation Direct",
"versions": [
{
"lessThan": "3.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."
}
],
"descriptions": [
{
"lang": "en",
"value": "Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T19:45:52.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."
}
],
"source": {
"advisory": "ICSA-21-166-02",
"discovery": "EXTERNAL"
},
"title": "Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-32980",
"STATE": "PUBLIC",
"TITLE": "Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CLICK PLC CPU Modules: C0-1x CPUs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.00"
}
]
}
}
]
},
"vendor_name": "Automation Direct"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."
}
],
"source": {
"advisory": "ICSA-21-166-02",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-32980",
"datePublished": "2022-04-04T19:45:52.000Z",
"dateReserved": "2021-05-13T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:31:57.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}