PatchSiren cyber security CVE debrief
CVE-2025-55069 AutomationDirect CVE debrief
CVE-2025-55069 is a high-severity issue in AutomationDirect CLICK PLUS PLC firmware version 3.60. CISA’s advisory says the device uses a predictable seed for its pseudo-random number generator, which can compromise the security of generated private keys. The vendor recommends upgrading to firmware V3.80 and applying compensating controls if immediate patching is not possible. CISA published the advisory on 2025-09-23.
- Vendor: AutomationDirect
- Product: CLICK PLUS C0-0x CPU firmware
- CVSS: HIGH 8.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-09-23
- Original CVE updated: 2025-09-23
- Advisory published: 2025-09-23
- Advisory updated: 2025-09-23
Who should care
Industrial control system operators, OT security teams, and administrators responsible for AutomationDirect CLICK PLUS C0-0x, C0-1x, or C2-x CPU firmware, especially any deployment still running firmware 3.60 and relying on generated private keys.
Technical summary
The advisory describes a predictable-seed weakness in the firmware’s pseudo-random number generator. Because the seed is predictable, cryptographic material derived from that generator—specifically private keys mentioned in the source—may be less secure than intended. The source scope identifies CLICK PLUS PLC firmware version 3.60 and does not provide additional exploitation details.
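As an added illustration (not code from the advisory, the vendor or the firmware), the Python sketch below shows why a predictable seed caps the strength of a generated key and how the resulting duplicate keys surface in a fleet audit. The toy generator, the "seconds since boot" seed and the device names are assumptions; the advisory does not say how the seed is derived.

```python
import hashlib
import math
import random
import secrets

KEY_BYTES = 32

def keygen_predictable(seed: int) -> bytes:
    # Weak pattern: a deterministic PRNG makes the key a pure function of the seed.
    prng = random.Random(seed)
    return bytes(prng.getrandbits(8) for _ in range(KEY_BYTES))

def keygen_csprng() -> bytes:
    # Hardened pattern: key bytes come straight from the operating system CSPRNG.
    return secrets.token_bytes(KEY_BYTES)

def effective_key_bits(seed_space) -> float:
    # A key can carry no more entropy than the seed: count the reachable keys.
    reachable = {keygen_predictable(s) for s in seed_space}
    return math.log2(len(reachable))

def duplicate_keys(fleet: dict) -> list:
    # Fleet audit: group devices whose key fingerprints collide.
    groups = {}
    for device, key in fleet.items():
        groups.setdefault(hashlib.sha256(key).hexdigest(), []).append(device)
    return [sorted(devs) for devs in groups.values() if len(devs) > 1]

# Constructed sample fleet; the seeds stand in for an assumed "seconds since boot".
SAMPLE_FLEET = {
    "plc-a": keygen_predictable(42),
    "plc-b": keygen_predictable(57),
    "plc-c": keygen_predictable(42),
    "plc-d": keygen_csprng(),
}

if __name__ == "__main__":
    print("256-bit key, effective bits if the seed lies in the first hour of uptime:",
          round(effective_key_bits(range(3600)), 1))
    print("devices sharing a key:", duplicate_keys(SAMPLE_FLEET))
```

In a real audit the comparison would run over public-key or certificate fingerprints collected from the devices, not over private key bytes.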
Defensive priority
High. Prioritize upgrading affected systems to firmware V3.80, particularly where private-key-based trust, remote access, or network exposure increases the impact of weak key generation.
Recommended defensive actions
- Upgrade CLICK PLUS firmware to V3.80 using AutomationDirect’s support/software download channel.
- If patching must wait, disconnect the PLC from external networks such as the internet or corporate LAN.
- Use trusted, dedicated internal networks or air-gapped systems for device communication.
- Restrict physical and logical access to authorized personnel only.
- Enable logging and regularly review logs for suspicious or unauthorized activity.
- Maintain secure, tested backups of PLC configurations.
- Continuously reassess risk while running outdated firmware.
Evidence notes
Primary evidence comes from CISA’s CSAF advisory ICSA-25-266-01 for CVE-2025-55069, published 2025-09-23, which identifies AutomationDirect CLICK PLUS CPU firmware products and states that firmware version 3.60 has a predictable PRNG seed affecting private key security. The same advisory lists vendor remediation to update to firmware V3.80 and provides compensating controls. The CVE and NVD links are included as official records, but the advisory text supplied here is the main source for this debrief.
Official resources
- CVE-2025-55069 CVE record (CVE.org)
- CVE-2025-55069 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published advisory ICSA-25-266-01 for CVE-2025-55069 on 2025-09-23. No KEV listing was provided in the supplied source data.