CVE-2025-58473 AutomationDirect CVE debrief

Who should care

OT/ICS operators, control-system engineers, system integrators, and defenders responsible for AutomationDirect CLICK PLUS PLCs running affected firmware, especially deployments exposed to broader internal networks.

Technical summary

The advisory describes an improper resource shutdown/release condition in CLICK PLUS firmware 3.60 that can be triggered without authentication. The documented impact is availability-only: an attacker can consume all available device sessions of the Click Programming Software, resulting in denial of service. The supplied CVSS vector is 3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H (5.9, Medium).

Defensive priority

Medium overall; prioritize faster action for any affected PLCs reachable from corporate or plant networks.

Recommended defensive actions

• Upgrade affected CLICK PLUS firmware to V3.80 as recommended by AutomationDirect.
• If immediate upgrading is not possible, isolate the PLC from external networks and limit connectivity to trusted internal or air-gapped systems.
• Restrict physical and logical access to authorized personnel only.
• Use application whitelisting and host/network controls to prevent unauthorized access attempts against engineering workstations and related systems.
• Enable and review logs and monitoring for unusual session exhaustion or repeated connection attempts.
• Maintain tested backups of PLC configurations and validate recovery procedures before changes are made.

Evidence notes

This debrief is based on the CISA CSAF advisory ICSA-25-266-01 and the supplied source item metadata, both published/modified on 2025-09-23. The source explicitly states the affected device/firmware, the unauthenticated denial-of-service impact, and the vendor-recommended upgrade to V3.80. No additional exploitation details are included beyond the supplied advisory.

Official resources