CVE-2025-59484 | THREATINT

Description

The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm.

PUBLISHED Reserved 2025-09-16 | Published 2025-09-23 | Updated 2025-09-24 | Assigner icscert

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

HIGH: 8.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

Problem types

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

Product status

Default status

unaffected

Any version before v3.71

affected

Default status

unaffected

Any version before v3.71

affected

Default status

unaffected

Any version before v3.71

affected

Credits

Luca Borzacchiello and Diego Zaffaroni of Nozomi Networks reported these vulnerabilities to Automation Direct. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-266-01

www.automationdirect.com/support/software-downloads

cve.org (CVE-2025-59484)

nvd.nist.gov (CVE-2025-59484)

Download JSON

help @ threatint.eu