PatchSiren cyber security CVE debrief

CVE-2025-59484 AutomationDirect CVE debrief

CVE-2025-59484 affects AutomationDirect CLICK PLUS PLC firmware: version 3.60 uses an insecure implementation of RSA. CISA published the advisory on 2025-09-23 with a HIGH CVSS score of 8.3. The vendor recommends upgrading to firmware V3.80; until that upgrade is applied, limit the device's network exposure and apply the defensive controls appropriate for industrial control environments.

Vendor: AutomationDirect
Product: CLICK PLUS C0-0x CPU firmware
CVSS: HIGH 8.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-09-23
Original CVE updated: 2025-09-23
Advisory published: 2025-09-23
Advisory updated: 2025-09-23

Who should care

Industrial control system operators, automation engineers, plant security teams, and integrators running CLICK PLUS C0-0x, C0-1x, or C2-x CPU firmware should treat this as relevant, especially where the devices are reachable from broader networks.

Technical summary

The advisory describes a broken or risky cryptographic algorithm weakness in CLICK PLUS PLC firmware version 3.60, specifically an insecure RSA implementation. The supplied CVSS vector indicates an adjacent-network attack vector that requires user interaction, with potential impact on confidentiality and integrity and limited impact on availability. The source material does not provide exploit details; it identifies only the affected firmware version and the cryptographic weakness.

Defensive priority

High priority for affected deployments, especially any CLICK PLUS PLCs that are network-connected or difficult to isolate. Vendor remediation is available in firmware V3.80, so upgrade planning should begin immediately.

Recommended defensive actions

  • Upgrade CLICK PLUS firmware to V3.80 using AutomationDirect’s software download/support process.
  • If an immediate upgrade is not possible, disconnect or isolate the PLC from external networks such as the internet or the corporate LAN.
  • Use trusted, dedicated internal networks or air-gapped systems for device communications.
  • Restrict physical and logical access to authorized personnel only.
  • Enable logging and monitoring and review logs for suspicious or unauthorized activity.
  • Maintain tested backups of PLC configurations and recovery procedures.
  • Apply application whitelisting and host-based protection controls where they are operationally appropriate in the environment.
  • Continuously reassess risk for any system still running outdated firmware.

Evidence notes

All core facts come from the supplied CISA CSAF advisory for ICSA-25-266-01 / CVE-2025-59484 and its metadata: the affected product families are CLICK PLUS C0-0x CPU firmware, C0-1x CPU firmware, and C2-x CPU firmware; the vulnerable firmware version is 3.60; the vendor remediation is firmware V3.80; the advisory was first published on 2025-09-23. No KEV listing, ransomware association, or exploit scenario was provided in the source corpus.

Official resources

Publicly disclosed by CISA and the CSAF source on 2025-09-23. The supplied data does not indicate a KEV listing or known ransomware use.