6.1
CVE-2025-25051
- EPSS 0.1%
- Veröffentlicht 22.01.2026 22:21:17
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
AutomationDirect CLICK Programmable Logic Controller Plaintext Storage of a Password
An attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially gain access to network resources for lateral attacks.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerAutomationDirect
≫
Produkt
CLICK Programmable Logic Controller
Default Statusunaffected
Version
C0-0x
Status
affected
Version
C0-1x
Status
affected
Version
C2-x
Status
affected
Version
V3.90
Status
unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.01 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| ics-cert@hq.dhs.gov | 6.1 | 1.8 | 4.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
|
CWE-256 Plaintext Storage of a Password
Storing a password in plaintext may result in a system compromise.
https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-02
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-02.json