Home

Description

An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all available device sessions of the Click Programming Software.

PUBLISHED Reserved 2025-09-16 | Published 2025-09-23 | Updated 2025-09-24 | Assigner icscert




HIGH: 8.2CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

MEDIUM: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-404 Improper Resource Shutdown or Release

Product status

Default status
unaffected

Any version before v3.71
affected

Default status
unaffected

Any version before v3.71
affected

Default status
unaffected

Any version before v3.71
affected

Credits

Luca Borzacchiello and Diego Zaffaroni of Nozomi Networks reported these vulnerabilities to Automation Direct. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-266-01

www.automationdirect.com/support/software-downloads

cve.org (CVE-2025-58473)

nvd.nist.gov (CVE-2025-58473)

Download JSON