Click Plus PLCs: Vulnerabilities Galore or Just Firmware Follies?
Discover a comedy of errors in cybersecurity! AutomationDirect’s CLICK PLUS devices face vulnerabilities like cleartext storage and hard-coded cryptographic keys, turning them into a hacker’s dream. But fear not, because with network isolation and secure communications, you can turn your device from a sitting duck to a nimble ninja!

Hot Take:
AutomationDirect’s CLICK PLUS firmware might be the new favorite playground for cyber tricksters, boasting vulnerabilities that could make any hacker’s dream come true. It’s like a buffet of security slip-ups: from cleartext storage to broken cryptographic algorithms. If your PLCs were hoping for a security vacation, it looks like they’ll have to settle for a staycation with a side of network isolation and application whitelisting. Better luck next firmware update, folks!

Key Points:
- Vulnerabilities in CLICK PLUS firmware versions prior to v3.71 are exploitable remotely, with low attack complexity.
- Security issues include cleartext storage, hard-coded cryptographic keys, and risky cryptographic algorithms.
- Potential risks include unauthorized access, information disclosure, and denial-of-service attacks.
- AutomationDirect recommends updating to firmware v3.80 and implementing various compensating controls.
- No known public exploitation specifically targeting these vulnerabilities has been reported yet.