CVE-2021-32982 HIGH

CVE-2021-32982: Automation Direct CLICK PLC CPU Modules Cleartext Transmission of Sensitive Information

Vendor Automation Direct
Product CLICK PLC CPU Modules: C0-1x CPUs
Weakness CWE-319 · Cleartext transmission
Published April 4, 2022
Last update April 16, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange.

Key dates

02Disclosure timeline

April 4, 2022 CVE published
April 16, 2025 Record updated