PatchSiren cyber security CVE debrief

CVE-2025-58069 AutomationDirect CVE debrief

CISA published ICSA-25-266-01 on 2025-09-23 for CVE-2025-58069. The advisory says AutomationDirect CLICK PLUS PLC firmware version 3.60 contains a hard-coded AES key used to protect the initial messages of a new KOPS session. AutomationDirect recommends updating affected CLICK PLUS CPU firmware lines to V3.80 and, until that can be done, applying compensating controls such as network isolation, trusted internal communications, restricted access, application whitelisting, endpoint protection, logging, backups, and ongoing risk review.

Vendor: AutomationDirect
Product: CLICK PLUS C0-0x CPU firmware
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-09-23
Original CVE updated: 2025-09-23
Advisory published: 2025-09-23
Advisory updated: 2025-09-23

Who should care

Operators, integrators, and maintenance teams responsible for AutomationDirect CLICK PLUS C0-0x, C0-1x, and C2-x CPU firmware, especially environments running firmware 3.60 or exposed to broader networks.

Technical summary

The issue is a hard-coded cryptographic key in CLICK PLUS firmware 3.60. According to the advisory, the AES key protects the initial messages of a new KOPS session. Because a hard-coded key is identical on every unit running that firmware, the protection it gives those initial messages holds only as long as the key itself stays unknown, so a single disclosure of the key affects the whole installed base rather than one device. The supplied CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating a network-reachable issue that needs no privileges or user interaction, with low confidentiality impact and no integrity or availability impact in the provided scoring.

Defensive priority

Medium. Prioritize upgrading exposed or operationally sensitive PLC deployments first, especially where the device is reachable beyond a tightly controlled industrial network.

Recommended defensive actions

  • Update CLICK PLUS firmware to V3.80 as recommended by AutomationDirect.
  • If immediate updating is not possible, isolate the PLC from external networks and use trusted, dedicated internal or air-gapped communications.
  • Restrict physical and logical access to authorized personnel only.
  • Use application whitelisting to allow only trusted software.
  • Enable endpoint protection and host-based firewalls where applicable.
  • Enable and regularly review logs for suspicious or unauthorized activity.
  • Maintain secure, tested backups of PLC configurations and recovery procedures.
  • Reassess operational risk while running outdated firmware until remediation is complete.

Evidence notes

The supplied CISA CSAF advisory for ICSA-25-266-01 states that firmware 3.60 is affected and that AutomationDirect recommends upgrading to V3.80. The advisory also lists compensating controls for systems that cannot be updated immediately. The provided enrichment does not list a CISA KEV entry for this CVE.

Official resources

Public disclosure occurred on 2025-09-23 via CISA advisory ICSA-25-266-01. The source record shows the same date for initial publication and modification.