Description

Cleartext storage of sensitive information was discovered in Click Programming Software version v3.60. The vulnerability can be exploited by a local user with access to the file system, while an administrator session is active, to steal credentials stored in clear text.

PUBLISHED Reserved 2025-09-16 | Published 2025-09-23 | Updated 2025-09-24 | Assigner icscert




MEDIUM: 4.1 | CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

MEDIUM: 4.2 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

Problem types

CWE-312 Cleartext Storage of Sensitive Information

Product status

Default status
unaffected

Any version before v3.71
affected

Default status
unaffected

Any version before v3.71
affected

Default status
unaffected

Any version before v3.71
affected

Credits

Luca Borzacchiello and Diego Zaffaroni of Nozomi Networks reported these vulnerabilities to Automation Direct. (finder)

References

www.cisa.gov/news-events/ics-advisories/icsa-25-266-01

www.automationdirect.com/support/software-downloads

cve.org (CVE-2025-54855)

nvd.nist.gov (CVE-2025-54855)
