ICSA-25-266-01  ·  Published 2025-09-23  ·  View on CISA ICS-CERT ↗

AutomationDirect CLICK PLUS

CVSS 8.3 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could disclose sensitive information, modify device settings, escalate privileges, or cause a denial-of-service condition on the affected device.

Remediations

  • AutomationDirect recommends that users update CLICK PLUS and firmware to V3.80.
  • If the update cannot be applied right away, the following compensating controls are recommended until the upgrade can be performed:
      • Network Isolation – Disconnect the CLICK PLUS PLC from external networks (e.g., the internet or corporate LAN) to reduce exposure.
      • Secure Communications – Use only trusted, dedicated internal networks or air-gapped systems for device communication.
      • Access Control – Restrict both physical and logical access to authorized personnel only.
      • Application Whitelisting – Configure whitelisting so that only trusted, pre-approved applications are allowed to run. Block any unauthorized software.
      • Endpoint Protection – Use antivirus or EDR tools, and configure host-based firewalls to block unauthorized access attempts.
      • Logging & Monitoring – Enable and regularly review system logs to detect suspicious or unauthorized activity.
      • Backup & Recovery – Maintain secure, tested backups of the PLC and its configurations to minimize downtime in case of an incident.
      • Ongoing Risk Assessment – Continuously evaluate risks associated with running outdated firmware and adjust compensating measures accordingly.

Affected Vendors

AutomationDirect

Affected Products (3)

AutomationDirect · CLICK PLUS C0-0x CPU firmware <v3.71
AutomationDirect · CLICK PLUS C0-1x CPU firmware <v3.71
AutomationDirect · CLICK PLUS C2-x CPU firmware <v3.71

Affected Sectors

Critical Manufacturing
