CVE-2025-67652 MEDIUM

CVE-2025-67652: AutomationDirect CLICK Programmable Logic Controller Weak Encoding for Password

Vendor Automationdirect
Product CLICK Programmable Logic Controller
Weakness CWE-261
Published January 22, 2026
Last update January 23, 2026

CVSS base score

6.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the likelihood of this type of exploitation, leaving sensitive information more vulnerable.

Key dates

02Disclosure timeline

January 22, 2026 CVE published
January 23, 2026 Record updated