CVSS: 7.5EPSS: 0%CPEs: 40EXPL: 0CVE-2021-32982 – Automation Direct CLICK PLC CPU Modules Cleartext Transmission of Sensitive Information
https://notcve.org/view.php?id=CVE-2021-32982
04 Apr 2022 — Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange. Módulos de CPU de PLC CLICK de Automation Direct: CPUs C0-1x con versiones de firmware anteriores a v3.00, las contraseñas son enviadas como texto plano durante el desbloqueo y las transferencias de proyectos. Un atacante que tenga visibilidad de la red puede observar el intercambio d... • https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 40EXPL: 0CVE-2021-32986 – Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel
https://notcve.org/view.php?id=CVE-2021-32986
04 Apr 2022 — After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly. Después de los módulos de CPU del PLC CLICK de Automation Direct: C0-1x con versiones de firmware anteriores a... • https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02 • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 40EXPL: 0CVE-2021-32984 – Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel
https://notcve.org/view.php?id=CVE-2021-32984
04 Apr 2022 — All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project without authorization. Todas las conexiones de programación reciben los mismos privilegios desbloqueados, lo que puede resultar en una escalada de privilegios. Durante el tiempo que los Módulos de CPU de PLC CLICK ... • https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 7.5EPSS: 0%CPEs: 40EXPL: 0CVE-2021-32978 – Automation Direct CLICK PLC CPU Modules Plaintext Storage of a Password
https://notcve.org/view.php?id=CVE-2021-32978
04 Apr 2022 — The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00. El protocolo de programación permite que un atacante lea la contraseña introducida previamente y el estado de bloqueo. Si la contraseña introducida previamente fue satisfactoria, el atacante puede usar la contraseña para d... • https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 0%CPEs: 40EXPL: 0CVE-2021-32980 – Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel
https://notcve.org/view.php?id=CVE-2021-32980
04 Apr 2022 — Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active. Módulos de CPU del PLC CLICK de Automation Direct: Las CPUs C0-1x con firmware versiones anteriores a v3.00, no protegen contra conexiones de programación de software adicionales. Un atacante puede conectarse al PLC mientras una conexión presente ya está activa • https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •